 So, my name is David Lin, I'm here representing Symantec and the person who's really supposed to be speaking is actually in the audience, somehow she's just pawned this off to me. But give me a second, but I'm from Symantec and I want to talk to you about how to get my monitor to do the right thing, okay, let's start this again. So I'm David Lin. A pretty deep sigh is our Symantec OpenStack Evangelista. And I, for lack of a better term, I'm the Evangelista enabler. So Symantec has been on a journey over the cloud, past 18 months, starting from an inkling of an idea that OpenStack, open source, cloud, cloud platform is important. And through the 18 months, we've taken an amazing journey. And I want to thank everybody here, everybody out there for everything you've done for us to bring us to this point. So today, here's a few things I wanted to cover. The first is a video clip, it's a little bit late in the day, but a video clip which basically talks about up being down, down being up. And one thing that's important to note about the videotape, you might want to take notes because there's going to be a quiz after. So take notes on the things you find interesting in the video, and we can talk about that in a minute. Then we'll go through my personal journey, how I kind of got to Symantec, my journey through Symantec, Symantec's journey to here. And then Symantec's journey to the open cloud. Along the way, there's some stuff that we did that we're proud of, some stuff that we did that, well, we just kind of swept under the rug, but they were learnings. And then along all of that, there's some emergent themes and principles that apply. So you're ready for the clip? No pads out? All right. A couple of questions. Has anybody been to Disney World? Anybody been on the Pirates of the Caribbean? Anybody know who Johnny Depp is and Jack Sparrow? All right, so this may be familiar. One down. Up. What's that? What is that? What do you think? Where? There. It's like jumping to the mast, upside down to win the boat flips, we'll be the right way up. Back and the spare. How many people recognize that scene? So what was happening was a Jack Sparrow. The passion of his heart was anyone? His black pearl. And he was going to find his black pearl at any cost. And so he, going down this map, followed his map, found this spot, found a place where up was supposed to be down. The sun was supposed to be setting when it was supposed to be rising and everything just seemed backwards. So when you saw that scene, what did you see? Anyone? Anything interesting? Maybe relevant to cloud. Some people only had one eye. I didn't catch that one. What else? There were clouds on both sides of the world. Very good. Very good. Let's keep going. A group of people had to work together. A group of people had no idea what they were doing at the beginning of it all. What else? People had faith. They stuck to it. I'm not sure I'd go that far, but I like where your head did. Anything else? That's right. All right. So, here's what I saw. Jack Sparrow and his intrepid crew, they were determined. They were not going to give up. He was not going to let his black pearl escape him. Second thing, it only takes a few people to start the rocking. Third thing, remember they're cutting those ropes for all the barrels and the cannons? In order to get this thing to rock and flip, you actually had to take things that were previously tied down for safety and that you needed them to be free to move so the boat could move. Agile, iterations. After fewer iterations, the rest of the boat, they got it. The first couple of sprints, they're a little bit like, hey, this Jack Sparrow guy's crazy, but eventually they got it. I like those two tie themselves to the mast. Like, aha, we see the future. Everything's going to be upside down, so I'm going to tie myself, anchor myself, so I'm upside down, so when everything inverts, I'll be in the right place. So, almost. And then the last one, while the sun sets, it's simultaneously rising somewhere else. So thank you for that little diversion. Who is DTL? So my name is David T. Lin, and around work, I go by DTL partly because there's a lot of Davids in this world, a lot of Lin's in this world, a lot of David Lin's in this world. So at work, I'm DTL, that's generally what people call me, and I'm responsible for engineering semantics cloud. And what that means is that for semantic, there are a few key applications that are central to our cloud strategy. The first one, analytics. We're doing large-scale batch analytics, batch meaning map-reduced style analytics like Hadoop. We're running on the order of two and a half to three and a half petabytes and growing at terabytes per day. We're doing stream processing. So stream processing is using a Kafka slash storm infrastructure to do advanced correlations across security incidents that are coming from our customers. We recently went live with an offering that is handling on the order of 500,000 security events per second. And we're not even breaking a sweat, unlike me when I walked in this room. We're doing platform as a service. And the whole mantra, raison d'etre, platform as a service is we want to accelerate code to cloud. We want to be able to take a single piece of code, a single check-in by one of our security developers, and be able to accelerate, reduce the latency from the time that that thing gets checked in to the time where it sails through, mostly sails through, sometimes it doesn't, sails through our pipeline and gets validated, delivered, verified again, and then deployed. We want to shrink that time to as little as possible so our developers can create the next generation algorithms without having to wait for the infrastructure. Infrastructure as a service, software-defined infrastructure, we're looking at is really the stuff that OpenStack is all about. We're looking at taking this code, this open code base, and making it do things that are indistinguishable from magic. My journey, I started in communications. So I started in working on all optical networks, no electronics in the data path, went in, started working on signal detection, channel modeling in noisy wireless channels, and then started working in wireless infrastructure. When we were looking at wireless infrastructure, basically it was really clear that the complexity of the wireless networks out there are so great that you could only use tools to automate and optimize. From there, a few friends of mine over at GT Labs decided to spin out, started a company, server security called Kiave, did fantastically well for that short period of time just before the bubble burst. Network security, Raptor, which eventually was acquired by Semantic. Then I worked in Anti-Spam. Anti-Spam, best, best run of my life. That's just awesome. I love Anti-Spam. And then DLP worked with the Vontu, which is acquired by Semantic. And then now I'm at Semantic Cloud Platform Engineering. And so one thing about this story that's important is that when I was working in Anti-Spam, can anybody, any pronounce that word that starts with an M and ends with G? Maug? That's pretty much it. Nobody can really pronounce it. It's called, it's Mog. And it's the Message Anti-Abuse Working Group. And the Messaging Anti-Abuse Working Group is really a group of people who are dedicated to fighting messaging abuse. Dedicated to fight Anti-Spam, Anti-Spam, Anti-All This Other Stuff. And the one thing that was really interesting, the thing I really took away from Maug, is that here I was standing shoulder to shoulder with the proof points of the world, the cloud marks of the world, the iron ports of the world, at Semantic Brightmail, standing there. And we weren't enemies. Fine. We go into commercial things, or we go in muscling against each other. But at the end of the day, we're trying to fight the attacker. And I think one of the things that's really important when it comes to community, when it comes to cloud, is that the community understands who the attacker is. And in our case, the attacker isn't the companies whose names start with V. Or actually, I shouldn't name anybody else now. The enemy really is complexity. It's unreliability. It's failures. It's getting trapped and locked in to solutions that you don't own and you can't control. That is what we're fighting here. So Mog taught me a lesson, which is when it comes to a community, make sure you're clear the point of the community. So why is cloud important to Semantic? Started down a few of these things earlier. Semantic has the world's largest store of security metadata. The biggest challenge that Semantic has right now, when it comes to our security metadata, security analysis capabilities, is processing the data that we already have. Not to mention the data that's coming in. This is why investments in Hadoop, in the Hadoop ecosystem, in the union of OpenStack and Hadoop, so that we can both create large data lakes and we can create separated data ponds. This is why this is important to Semantic. Semantic, most people don't know this. We've got 23 major, 35 minor data centers. By major, I'm talking like half a megawatt class data center. OK, fine. These aren't Google major, but they're pretty major. And minor, we're talking in the 100, 150 kilowatt range. There's a lot of vintage software out there. And one of the ways that Semantic has grown over the course of the last 15 years is through acquisition of the best in class in each area. And so what happens post acquisition is that generally these companies are brought in, their products are integrated, but the real hard work of taking the infrastructure underneath and unifying it and creating one fabric, one analytics platform, one infrastructure platform, one set of core services, that was work that wasn't done. And that's what created the opportunity. The other thing that also created the opportunity is that vintage software, they're like geriatric pets. And I know everybody has a pet that they love. But when you go through some of the data centers that Semantic has acquired over the last 15 years, some of them are state of the art, circa when they were acquired. So we have things that represent 2000, 2005, 2005 to 2010, 2010 to 2015. And one of the big challenge, one of the things that's been the most elusive thing for us is how do we actually go through and get to converged infrastructure? How do we get to those economies of scale? How do we get to converged operations? How do we get to unified security offerings, where instead of customers having to go through and work with the different products and the product UIs and the configurations and the support teams and all the other things that really should be noise when it comes to security, how do we actually offer this in a way that our customers can use it to solve whatever problems that they have that have to do with information, security, information protection? So last quote one of my colleagues basically said to the question of build versus buy, he said, Formula One teams, they don't rent their cars. And ultimately, when it comes to semantic, in order for semantic to know how to build a cloud, I just did that backwards, in order for semantic to know how to secure a cloud, it's really got to know how to build one. And so that's why our journey started. And board of directors started semantic down this journey about 18 months ago. I'm here today to share our lessons and any kind of nuggets that we may have gone through that might be useful to you. Core principles, self-sufficiency, mastering our own destiny is critical, making sure that we have the expertise onsite to be able to control our cloud. Transformation, you don't go from the 23 data centers with the pets into a converged offering without a large degree of transformation. And there's the obvious transformation, which is you've got to take racks of gear that are a certain vintage. You've got to change them over. But the bigger one actually is the mindset transformation and the organizational transformation. This cloud thing is just different. And it takes a certain degree of courage in order to just accept that this is different. And let's just figure out what to do next. Innovation at speed, times of the essence. At scale, the talk managing external R&D and leveraging innovation in open source in your product offerings, your platform offerings, central to what we do. Talent wins. It takes talent to build a cloud. Assemble a team of highly talented individuals. And you can do just about anything you want. Code wins. PowerPoints, they're powerless in the face of code. So you came here to learn more about what did Semantic do in order to create an open stack, open source community within the company. And there are a few keys that I won't spend too much time on this. But the few things that people have to keep in mind anytime they take on one of these endeavors, first, have to be fearless. And seriously, your own fear, our own fear, organizational fear is the number one challenge to taking a company that has been working in a mindset of old and transforming it into a company that works in a new mindset. You've got to just get it done. Get stuff done. Get it done. You've got to have some momentum. You can't stop. You can't turn a stopped car. And you can't talk and talk and talk until you try to get to the perfect. Because the perfect is the enemy of the good. There's some times where you just need to roll up your sleeves and just do it. It's a tough journey, always important. Be humble. There's always something to learn. This one I learned recently, be the crow. As the crow flies, as the crow flies to the cloud, so will you. And just keep going. Don't give up. Go big or go home. I just like writing that. And anybody recognize this crow? It's the three-eyed crow from Game of Thrones. And there's some other meaning that goes with that, too. As you can tell, I probably watch a little bit too much TV, a few too many movies. So how did we drive this change? First, engines of change. What is it that powers this? So the first is that we have our communities of practice. And as communities of practice, our own form of an internal birds of feather, we are looking to create. We looked across and saw, hey, there are people who are aficionados of certain areas. There are people who are well-versed in open stack, well-versed in open source. Continuous, star, meaning continuous integration, continuous validation, continuous delivery. Communications, we have communications working group that is another community practice, analytics. And so one thing that's important if you're starting up this kind of initiative is to make sure that you create the communities of practice in the different areas so you can find the groups of impassioned people who really care. The second thing, once you've created community practice, you have to basically, you have to nurture it. You need to support it. You need to support it with attention. You need to give the communities an opportunity to exercise and go through and ultimately find their voice. And so within Symantec, we have, we took things very organically. We started off with a small community practice. Few people glommed on, a few people glommed on. Eventually kind of the word got out, like, hey, there's some cool things going on. And soon these communities of practice started growing. And they really became the engine, the power, the mindset transformation that's key to Symantec's transformation. Second, find your voice. And that's a really hard one. How many people have checked into OpenStack and gone through the first initial check-ins? How many people have submitted reviewed code and participated in the communities? That very first time before you submit, for me the very first time before I clicked, clicked on a blog post and submitted it, that's kind of scary. People talk about OpenStack, they talk about OpenSource, they talk about competing on the world stage. But then when it's time to actually do it and then now your code is gonna go to the eyes of the unknown critics who are all over the world. I mean, that's really that first barrier that everybody needs to get through. They need to get through. How do you find my voice? And how do I trust my voice enough that I can actually use that voice globally? And refine that voice. Cadence, oh sorry, on voice. We have newsletters that we send out. We have meetups that we sponsor. All these things started out really, really small. It was just a meetup, few people in the cafeteria. I think early on we invited Rob Hirschfeld to come by and he kind of shared on Defcore. Dr. Brian Payne came by. We had a lot of these different meetups and it was just our little way of sharing these are the things Semantic has learned. We have official blogs, CPE, CPE, if you look up Semantic developer open stack blog you'll find kind of some of the things that team members have been posting. And it took some encouragement, positive reinforcement, some support to get people kind of to that point where they were comfortable. Whatever it is they're passionate about in the space of security and open stack, open source for them to start blogging about it. And cadence is key. So cadence is really just pick a day, any day. Pick a small thing and just do it. And then set a time, a week from now, two weeks from now where you'll come back and you'll do the next thing. And you'll do the next thing. And you'll do the next thing. And you do the next thing. And eventually it grows. Hardest step is that first one. Discipline is going back and just keep going back and going and going and going. Adjust, learn, continue. Hackathons, so we have our hackathons every two weeks. Teams focused on creating cloud tools. It's fairly free form. But we also maintain kind of our own little internal stack of litics kind of thing. It's actually a spreadsheet. But basically we keep track of who submitted what. And it's a little kind of friendly kind of reminder that hey, here's this thing going on, submit something, let's just kind of keep that going. And it's all fairly under the radar stuff. Nothing dramatic, nothing like big press release, just little things in the same direction again and again. And lunch and learn. We started that because we found that engineers generally will come here, your talk, if you give them free food. So every two weeks we have our lunch and learn. And when I say create the platform, I don't actually mean create the cloud platform. What I mean here is that when you're creating the platform, you're creating that platform that people can use their voice. It's a platform from which the team speaks and delivers the message to the rest of the company. It's a platform where we can find people like birds of a feather in the company come kind of join our little crusade. So communities of practice are our engines of change. They're things that really drive it and it's really grassroots. Sometimes we augment with something more kind of top down organizational. But for the most part these are just organic, organically driven efforts where people just kind of come in, they check things out, they find the water's fine and they jump in. This one, I had a whole bunch of things to talk about when it came to open. When it comes to open mindset, open problem solving, open design, open source, open engineering, open deployment, we're a community, open arms. But then the talk on seven habits of highly effective contributors pretty much did set everything that I had to say in far better terms. So I'd rather just redirect people to go there because when it comes to all the different levels of open that really have to take place in order for your community to grow, a lot of it, you can go through that journey with contributing to OpenStack, contributing to various projects along the way. So I highly recommend the seven habits talk. So another thing that really helped us with our community was that we recognized fairly early on that there was a lot of things that OpenStack did and did really, really well. We borrowed the entire OpenStack pipeline. And what I mean by that is that we took the pipeline that I guess Canonical had seeded way back when we took Git, we took the Jenkins, Garrett, plus one, minus one, zero, plus two, all of that. And just used as our de facto internal practice. One of the big benefits of that is it's a huge jumpstart. So instead of people trying to figure out, like, oh, well, should we use this or this? Should we do this or this? When I say continuous integration, I mean this, what do you mean? When I say this is done as far as pre-flight checks, what do you mean? And so one, it was a jumpstart largely conceptually. It was a huge win to have predefined terms and externally defined terms that were actually solid. So we took those terms, we took the tools. We got people on Etherpad. We got people working just in the Git pipeline working with Garrett. We had blueprints for our internal designs. We basically took everything, lock, stock, and barrel. We also took the processes. And one of the things that Symantec is doing right now is returning the corner from creating kind of an open cloud platform to actually creating more of a community within the company where it's an open development environment for the Symantec cloud. So if you're a development team that is kind of working in an area, let's say you're experts in anti-spam, and you are creating new spam algorithms, new messaging hooks, new anything else, there's a mechanism which for years at Symantec I was looking for. There's a mechanism for sharing code and sharing contributions and code governance which OpenStack can do it on a world scale. Symantec can do it kind of within our own company. And so that's where we are in our journey right now. We've used the tools, we've built the community internally for the cloud platform. And now other teams are starting to kind of on board and figure out what the next services are, what are the things they're gonna build. So they're legal hurdles. And so I think for legal hurdles, that's one of those things where if you just kind of look at it for kind of the everything that it is, it's easy to be a little bit overwhelmed and just kind of say, well, look, this is such an uphill fight. Symantec historically had been a very closed source company and so this idea of being more of an open source company where the IP is in certain areas but not in others was a longer conversation to have. But this is a conversation you have to have. So how did we do it? We started small. We started with individuals first signing up and getting their foundation membership and editing some code, editing some documentation, getting clearance that, yeah, this is okay. We're just fixing up the documentation, OpenSAC security guide, Keystone guides. Whatever, you know, wherever I think, wherever there's something that needs to be fixed, I mean, the mantra was grab a shovel. And so our developers did. We encourage them to grab shovels and they grab shovels and started small, found some projects that were kind of had long, had a good affinity, alignment with what we were doing. And then we started to engage that community. For us, Semantic Secret Sauce is really securing the systems, securing the data, securing the people, whereas building a cloud is more of a byproduct for delivering the platform to deliver next generation security as a service. So when it comes to what is Secret Sauce, what isn't Secret Sauce, for us, there's a lot of technologies that really aren't Secret Sauce, like we take from Hadoop, we take from Storm, we take from Kafka, OpenSAC, OpenContrail, and the list goes on and on and on. And we take all that code, we integrate it together, and a lot of the integration is really just straight up integration. It's not, you know, there's nothing proprietary about it. It's just how do you make this work? So one of the, we're still in the middle of the conversation. There are some things which are obviously, like deployment scripts are obviously not proprietary from Semantic's perspective. Other things when we start talking about, okay, messaging security, when we start talking about, you know, intrusion detection. And some of the other things then, you know, then becomes more of a nuanced area. But I say the first thing, business models are important. And so, you know, I'm here representing Semantic, I'm not here representing myself. Semantic has done a lot to support myself, our team, to do certain things in certain areas. And so when it comes to having the conversations, it's important to balance pragmatism with idealism. You know, it's important to, you know, like having the conversation, okay, this is at advantageous, this is not, this can be open source, this maybe we should hold on to. It's a conversation that has to have, you have to have it, and you also have to have the nuanced kind of conversations there as well. And you need to have kind of a trusted party, like someone kind of who on the legal side, on your team, whether it's the open source review board or another board who just who get it. And, you know, we found those people within the company and we're working with them. But clearing the legal hurdles, don't take it all in kind of like, just don't let the whole thing kind of stop you. Take small steps, go back to cadence, incremental improvements, learning, continue, continue, continue. And there's other times where there's gonna be big bang type efforts and, you know, there's a place for those too. But for what we did, we actually did kind of the small organic incremental route. So, I love this quote. John Cage, I don't even know how to describe it. Modernist composer, I suppose. Begin anywhere. Just pick a point, any point. Begin anywhere and just start improving. So what did we do? We started with something so basic as a membership drive. Like an open stack foundation membership drive. And for the membership drive, we had our little charts and our little charts would show like, okay, we've got this many people, we've got this many people, we've got this many people. And, you know, soon we had more people than kind of some of the other vendors. Like, you can also slice the stats. Like, we had more people joined last week than anybody else. It's like, okay, well, yeah. Great. But we took whatever wins we could. We looked at stack analytics that was our like, oh, look, here's another check-in. Oh, look, here's another review. Oh, look, here's another, you know, email exchange that we participated in. And it was encouraging for the team. So, you know, if checking in code isn't your thing, write a blog. It could be a short one. I mean, one of the beauties of most of these modern blogging platforms is even if you write something and it's really, really bad, you could, as long as people don't have the content of what you wrote and they just have the link, you can change it. And if anybody's been following my blog, you'll see all the bad things that I've kind of edited silently out of the blog while no one was looking. But, you know, it's safe. Go for it. Write it on LinkedIn, write it on your company blog, wherever it might be. Just kind of start testing the voice. Make one presentation. Teach one person, change one mind. And through all of this, most important thing, have a blast, because this shit's just fun. So, community, security, liberty. This is where like, you know, this is where I was moved by Paris, you know, that's the whole thing, revolution, fight the power. But, without community, without security, there can be no liberty. When I say community, I mean people like us. People who are just kind of going through and trying to figure out how to make this cloud a better cloud. I'm talking about security. I don't mean like big brother, kind of like TSA kind of scans, or actually, I shouldn't say anything, I still have to fly home. What I mean by security is safety. You know, we just want to know that we're safe. We want to know that our data is safe. I just want to know that my grandmother's not about to get her identity in her retirement stolen, retirement savings stolen because she clicked on a bad link. We just want safety. We just want whatever it is that's the opposite of insecurity. So we want liberty. We want freedom. We want everything that we're doing this week. So, little foretaste of the land of the rising sun. Got a few more minutes open for questions, discussions, the mics over there, and yeah, we're really, really thankful for this ride. We're really, really grateful for the community for embracing us from Hong Kong to Atlanta to Paris. People just took us in and we learned. And so here, we'd like to give something back if we can. Thank you for coming and I'm open for questions. I have more videos if you want. I can go to LinkedIn and I connected to Clone Wars, Pulp Fiction, Joni Mitchell, there's no other questions. Then I'll be up here, semantic team will be up here as well, come talk to us, reach out to us, reach out to us either on the open stack mailing lists or email us. We're here. We're looking for people who want to go and secure this cloud thing that's becoming so popular. So, thank you.