 From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. Hi there, this is Dave Vellante, and welcome to this CUBE Conversation. We're here with Scott Strickland, who's the executive vice president and CIO of Wyndham Hotels and Resorts. Scott, great to talk to the CIOs. Thanks so much for coming on theCUBE. Thanks for inviting me, Dave. You're very welcome. All right, let me, let's get into it. You guys, Wyndham Hotel and Resorts, obviously that industry hard hit by the COVID pandemic. I got to say though, your executives doing a great job. You guys just had your earnings fall, your stock is more than doubled since the March low. So obviously hanging in there, well-run company. But how did the, how did you respond to the, to the, and adapt to the COVID impact? What was your first move? Our first move, when we looked at COVID, we're on the sharp end of that proverbial hospitality spear. We're in an industry where people are going to see this first and COVID is going to be very apparent as people stop traveling. So the first thing we saw is actually in China because we're a worldwide company. We saw obviously the impact of COVID there. So we had a little bit of a head start in terms of planning here in North America. And we were already planning for possible hotel closures and for different work environments. The very first thing we did was actually take our corporate staff, roughly 1400 people off campus in a 36 hour period. And we're really, really proud of that. The second thing we did was we looked at how do we help our franchisees as they consider possibly closing their hotels or how do they react to a much lower occupancy type environment? Yes, okay. So you had like a canary in a coal mine with visibility in China. You didn't, you didn't wait, you acted. I want to bring up a chart guys, if you would. This is data from our data partner, ETR, and every quarter they go out and ask customers, are you going to adopt new, are you going to spend more, that's the green, are you flat spending, are you going to decrease spending, or are you going to kind of replace the platform? This is specific to Zscaler and you can see, and this was taken, Scott, right at the height of the U.S. lockdown. And so what impressed me is that well over half, well 52% of the customers that they talked to said they're going to spend more on Zscaler. Now, of course, part of that was the work from home pivot, the investment in security, but I wonder, Scott, if you could tell us, what did this picture look like for Wyndham? So as we were migrating off site, we realized that we needed a different set of security solutions for us. We had to implement Zscaler from an endpoint security. They have additional security in terms of putting applications behind them so they can serve almost as a VPN and you don't have to leverage VPN to get to some of your apps in the future. And we're going to be spending more with them actually to implement that solution. So for us, we're going to be in that box in that high area there where we will be spending more with Zscaler in the next six months than we did in the prior year. So what do you think happens with this kind of work from home? Basically, you saw Twitter said, hey, we're going to make it permanent. Other companies said, hey, we're going to make it through the end of the year. What's your thinking in terms of that work from home, hybrid, how is Wyndham going to respond going forward? On a go forward basis, we're going to go to a hybrid model. So what that'll mean for us is we're going to be looking at the equivalent of shifts almost. So two days on a deep cleaning, two days on and rotate that through so that you have different shifts of people who necessarily aren't interacting with each other. We also, before we even went off site, we were looking at a work from home model and what COVID did is it really accelerated it for us. So when we go back into the offices, we're going to have roughly 20% of our staff that's going to remain as Twitter referred to them as permanent work from home. These are roles that only need to be in the office once every two to three weeks. And then we're going to go to that rotational schedule for the rest of the folks for that phase one. So one of the other things that our friends at ETR are looking into is sort of what CIOs are expecting in terms of the shape of the recovery. People talk about a V shape, which some people expect, but not most. Most people expect some kind of U shape recovery down for maybe a couple quarters and then come back over the next several quarters or an L shape down for three or more quarters and then very slowly coming back, maybe into the late 2021. Some of the harder hit industries like airlines, you would expect that. What's your thinking in terms of the shape of the recovery? As we look at the recovery, we try to make it a database decision right now. And so we work a lot with Smith Travel. They provide most of the data actually for the hospitality industry looking at occupancy and guest preconceptions. Are they willing to come back in? Are they willing to check into a hotel? And what Smith is forecasting right now is a very gradual U over the next year and a half or so. Now that said, we believe that we're well positioned in the industry because as people do start to travel again, we believe they're going to want to go to drive to hotels and with 9,000 plus hotels worldwide and the top economy brands around such as Super 8 and Days In, those are classic drive to hotels. You're going to go drive and visit your parents who haven't seen in a while. You need to stay somewhere overnight off the highway. You're going to check into a Days In. We believe we're going to be well positioned to capture some of the initial market share when it does return. Well, too, I think people, I mean, people have cabin fever and young people, I think they're going to be more receptive. People with a lot of disposable income. So I think that could actually bode well and be some upside for industries like yours. I want to talk about, you know, get into the security aspect, the cloud. You obviously have a CISO, talk about that. You were, your CISO was a peer. Is that right? What's your relationship to your CISO? Sure. So at Wyndham Hotels and Resorts, the CISO reports into me. He reports into IT. He's a group vice president level reporting into me as an EVP. However, really when we think about it, I treat him as a peer. And what I love about having him in my group is he can be part of those technology decisions and the development cycle from the beginning. So what that enables us to do is we're not coming along later and putting security into one of our products. He's part of those security decisions as we develop our products, whether it's an application, whether it's an infrastructure, whether it's even a new networking solution. He's part of those decisions from the beginning, which has been great. And he's the type of guy actually that the rest of my teams want to work with and they want to work with his security teams and ask them questions. So he serves as a trusted advisor for us. So that's an interesting model. And I think it's one that's going to gain traction because if the security team is sort of an isolated island, it sort of all falls on them. You've got a seat at the table. Security, of course, as we know, is a board level topic right now. So let's talk about your environment. I kind of want to talk about pre and post COVID, but also pre and post Z scaler. So, Liam, let's paint a picture. You got a lot of organizations. You got the corporate headquarters. You got a lot of appliances. You got, maybe you got people working from home, tunneling through in a VPN. You got your data center somewhere, but you got all these cloud apps as well. So it's a changing environment. You got to bring your own devices. What did, you know, go back a little bit, however much is appropriate. What did Wyndham look like in the pre mode? So in the pre mode, we had seven global offices scattered throughout the world. And our main office on the Persephone campus was roughly 1400 people across two buildings. We used a classic Cisco sort of infrastructure with multiple redundant data lines brought in and then the heavy duty switches that in turn off loaded into a Wi-Fi network as well. We then had a dedicated line out to our co-location facility. And that in turn then served out into our public clouds, such as an AWS or Google. So that was our pre picture. We were in the process, even prior to this, we were in the process of saying, okay, we have some of this legacy hardware in the Cisco type environment. How do we deploy that so that it can be cloud-first? So we were halfway through a Meraki implementation all the way from the switch level and the Wi-Fi level so that we could administer that remotely. And what this has done for us is we've actually accelerated that implementation. The good thing about everybody being out of the office is it's pretty easy to send one or two people in to complete some of that work in the closets and get our backbone adjusted. So what we've been doing is we've been working at fixing that backbone, replacing it with the Meraki switch and Wi-Fi equipment so that we can remote administer it from anywhere in the world, which is suddenly has opened up a whole new level of ability to follow the sun, ability to possibly even outsource that or leverage lower cost resources to do some of that. They don't have to be based here in the New York, New Jersey area. So what were the big sort of challenges that you faced me? A lot of organizations will tell us you've got different users coming in from different apps. They've got different security policies, different standards. You got shadow IT with, you know, not really enforcing our corporate edicts. What were some of the challenges that you faced and maybe the objectives of bringing in Zscaler? Sure, so the last part that I didn't really cover that'll help play into some of these challenges is our co-location facility. Originally, we had three data centers and we've migrated those three data centers largely into the cloud, into an AWS or into a SaaS based environment. But for some of those applications that just you can, we put it into a co-location facility and then paid a third party to manage that so that we're out of the administration and data center business. So that's part of that pre. So when this came along and we suddenly said, okay, how do we lock everything down? How do we ensure that we understand how people are going to access this? We only had two or three applications that had a significant user base where we needed to invest in VPN, where we needed to ramp up our VPN licenses because suddenly everybody's going to be at home, for example. The beautiful part is, is what we had are for our biggest applications, those were already cloud based. So those were already being accessed by people who just had a network connection. And that was why originally we chose Zscaler because we wanted our folks no matter where they were and the classic example our CESA was giving, they're at Starbucks and they need to access our HR SaaS based application. We can do that with confidence from a Starbucks or from a coffee shop, any coffee shop in the world because we know we have Zscaler installed on their end point. Because we know it's going to go through that level of scrutiny and we'll have that protection. So even if the network is being sniffed or there's something weird going on there, we'll be protected. So Zscaler has been a partner for us on that for about a year or so. And then I spoke earlier a little bit about us looking at their VPN light solution where you put the applications behind Zscaler so that you no longer have to go in with VPN and double click and get a token from a company like RSA or something of that nature. You can just make it a virtual application that you can access via Zscaler as well. And let me just understand, Scott, that would be essentially like a security cloud that you would be putting in front of all applications or just your private applications? That's a great way to think about it, Dave. Yes, is it would be a security cloud that we would put in front of all of our applications? So we have it in front of our applications that are SaaS based and then we would start putting it in front of our applications that are based in our co-location facility. So Scott, when I talked to CESOS and I asked them what's their number one challenge, they'll tell me lack of talent. We got all these devices and we're running around and we just can't find the talent. So I'm wondering, is that your main challenge of you and what is the business impact of this sort of new security regime that you're putting in place? So what's really worked well for us is we've been able to recruit some of the best and the brightest and keep them here because we're continuing to implement these cloud based security tools. So Zscaler is one of them and we have others in our suite there. And that's what excites security guys and gals is that they get to play with some of the new toys and we get to migrate from something that was legacy to something that's brand new and they continue to get to improve their resume. Yes, but they also get to play with the new toys and some of the shiny new objects. Our retention rate in our security team is unheard of in the industry. We are single digit turnover, voluntary turnover year over year on our security team. And again, these are guys and gals that could go into the city and make more and they purposely chosen not to because we let them be at the front edge of security. Well, that's a pretty interesting metric because a lot of times you guys are like air traffic controllers, you know, the eyes bleeding staring at screens all day and you got to win every day. You know, the bad guys only have to win once. But so, okay, so what has been the business impact of sort of this new approach that you've been taking, this sort of cloud first approach? What it's allowed us to do is to look at the threats that are actually most important. So if you look at security, you know, you had your traditional DDoS attacks, you have sequel injections, you have some of these lower level type of tax by automating a lot of that and by putting it into the cloud, we're not worried about most of that anymore. What we can really focus on now is the state sponsored agencies or the criminal agencies that are coming after us with very, very sophisticated phishing attacks or mail, we had some physical mail attacks recently that are trying to penetrate us in ways that we've never seen before. And again, that's exciting for the security team because they get to focus and they get to almost think like one of these hackers and say, okay, if they're trying to get in here, where do we believe we're not protected? How do we go on the offensive a little bit here? We have a threat hunting organization as well. Hey Dimash, if you had a mulligan, I don't have your golf, if you do, hopefully, I'll move my mulligan every time, Dave. My golf club went out of business, I gotta find another one, but if you had a mulligan, what would you do over again? What kind of advice would you give to your peers? My mulligan on this would have been to have moved faster. When we started our original migration of the cloud back then even then there was concerns about can the cloud be as secure as your physical data center? And the answer there is absolutely yes. If you've ever toured one of these tier ones, such as an Amazon or a Google and you take a look at their security versus our physical security, tear off that band aid, execute the migration and wherever possible as you do that migration, don't go legacy for legacy, don't do a lift and shift. Instead, take the opportunity to transform, do a lift and transform while you're doing that, not a lift and shift. So my mulligan would be go faster and if I got a bonus mulligan, then I'd say a lift and transform, not lift and shift. Yeah, I tend to agree with you. I think that the work that we've done and the research that we've done really underscores what you've just said. There is a shared responsibility model but shared responsibility is great when you're working with, like you say, an Amazon or an Azure or a Google. So last question is, when you look forward, we've been so tactical really putting out fires but as we start to come out of this thing, how do you see some of the things that you're gonna preserve from the past maybe but what does the future look like? I mean, it's kind of ironic, this whole thing hit at the start of a new decade. So I think we all agree. And maybe you do too, maybe you don't. I'd love your thoughts. We're just not gonna go back to 2019. So as you start to think of the midterm and the longer term, what are some of your planning assumptions and some of your thinking? They say, Dave, never to waste a good crisis and we've learned a lot out of this crisis. One is that we don't need a traditional work from home model and we're gonna be able to collapse actually our campus down into a single building and then go with that shift approach that I spoke to earlier. If I look forward into the medium and the longer term, what we're seeing is we're seeing that our franchisees and our guestings are going to change. When you check into a hotel, you're going to want to have that as contactless and experience as possible. So how do we offer the technology at scale to our guests and franchisees to enable that? That's beyond just mobile check and that's beyond mobile checkout. That's keyless entry. That's mobile payments. That's the ability to choose my room, perhaps on my mobile device. There's a whole new world I believe that's coming ordering my room service on my mobile device from my room without leaving my room. You can start to see in this brave new world post-COVID that we're going to be able to leverage a lot more contactless, a lot less face-to-face technologies, but still enable a good guest experience when they're at our hotels. Well, I'm excited about that because I mean, as the Cube, you know, our business is going to events. I mean, mostly, of course we're all in the studio now, but we do a lot of travel and this notion of accelerating the digital transformation and leaders like yourself, Scott, really driving that. I'm excited about the new experiences. So I really want to thank you for coming on the Cube and sharing with us the best practice and your journey. Appreciate it. Hey, thanks for reaching out, Dave. Good to be here. All right, and I thank you for watching everybody. This is Dave Vellante for the Cube. We'll see you next time.