 Hey guys and gals, welcome back to New York City. Lisa Martin and John Ferrier, alive with theCUBE at AWS Summit 22 here in the Big Apple. We're excited to be talking about security next. James Arlen joins us, the CISO at Ivan. James, thanks so much for joining us on theCUBE today. Absolutely, it's good to be here. Tell the audience a little bit about Ivan, what you guys do, what you deliver, and what some of those differentiators are. Oh, Ivan, Ivan is a fantastic organization. I'm actually really lucky to work there. It's database as a service, managed databases, all open source, and we're capital S serious about open source. So 10 different open source database products delivered as a platform, all managed services, and the game is really about being the most performant, secure, and compliant database as a service on the market, friction-free for your developers. You don't need people worrying about how to run databases. You just want to be able to say, here, take care of my data for me, and that's what we do, and that's actually the differentiator. Just take care of it for you. Take care of it for you, I like that. So they download the open source, they could do it on their own, so all the different projects are out there. What do you guys bring into the table? You said a managed service, could you explain that? Yeah, the managed service aspect of it is really, you could install the software yourself. You can use Postgres or Apache Kafka, or any one of the products that we support. Absolutely, you can do it yourself. But is that really what you do for a living? Or do you develop software, or do you sell a product? So we take and do the hard work of running the systems, running the equipment. We take care of backups, high availability, all the security and compliance things around access and certifications, all those things that are logging, all of that stuff that's actually difficult to do well and consistently, that's all we do. Talk about the momentum. I see you guys were founded in what, 2016? Yes. Just in May of 22, raised $210 million in series defunding. Yes. And so momentum and also from your perspective, all of the massive changes in security. It's very interesting to work for a company where you're building more than 100% growth year over year. It's a powers of two thing, right? Going from one to two, not so scary, two to four are not so scary. 512 to 1024, it's getting scary. 1024 to 2048, oh crap, right? I've been with Ivan for just almost two years now and we were less than 70 when I started and we're near 500 now. So explosive growth is very interesting but it's also that you're growing within a reasonable burn rate boundary as well. And what that does from a security perspective is it leaves you in the position that I had. I walked in and I was the first actual CISO. I had a team of four, I now have a team of 40 because it turns out that like a lot of things in life, as you start unpacking problems, they're kind of fractal. You unpack the problem and you're like, oh, well I did deal with that problem but now I got another problem that I got to deal with. And so there's, you know, it's not, it's a lot of things going on and other authors. Yeah, and you know, there's fundamental problems that are still not fixed and yet we treat them like they're fixed. And so we're doing a lot of hard work to make it so that we don't have to do hard work on going. And that's the value of the managed service. Yes. Okay, so let's talk about competition. We had ETR on, which is enterprise research for them that we trust, we like. And we're looking at the data with the headwinds in the market, looking at the different players, like got Amazon has Redshift, Snowflake, and you got Azure sequence, I think it's called some of those products. The money that's being shifted from on-premise data warehouse, the old school data warehouse, like Teradata and whatnot, is going first to Snowflake, then to Azure, then to AWS. Yes. Yeah, that points to Snowflake being kind of like the bell of the ball, if you will, in terms of data cloud. Absolutely. How do you compete with them? What's the pitch? Because that seems to be a knee-jerk reaction from the industry, because Snowflake is hot, they have a good value probably, they have a smart team, Databricks is out there too. Yeah, I mean, it's competing against all that. So this is that point where you're balancing the value of a specific technology or a specific technology vendor and am I going to be stuck with them? So I'm tying my future to their future. With open source, I'm tying my future to the common good. The internet runs on open source, it doesn't run on anything closed. And so I'm not hitching my wagon to something that I don't control. I'm hitching it to something where any one of our customers could decide I'm not getting the value I need from Ivan anymore, I need to go, and we provide you with the tools necessary to move from our open source managed service to your own. Whether you go on-prem or you run it yourself on a cloud service provider, move your data to you because it's your data, it's ours. How can I hold your data? It's like weird extortion ransom-eating. Architecturally speaking, I'm an enterprise, it's a big land grab, because with cloud you're horizontally scalable, it's a beautiful thing, open source is booming, it's going, you know, nirvana. Every day it's just escalating higher and higher. It is the software business, so open is open. The integration and scale seems to be the competitive advantage, right? So, how do you guys compete with that? Because now you got open source, how do you offer the same benefits without the lock-in, or what's the switching costs? How do you guys maintain that position of not saying the same thing snowflake? Because all of the biggest data users and consumers tend to give away their data products. LinkedIn gave away their data product, Uber gave away their data product, Facebook give away their data product, and we now use those as community solutions. So, you know, if the product works for something the scale of LinkedIn or something the scale of Uber, we'll probably work for you too. And scale is just- Facebook and LinkedIn, they gave away the product to own the data to use against you. But it's the product that counts because you need to be able to manipulate data the way they manipulate data, but with yours. So low latency needs to work. So horizontally scalable, Phoenix Machine Learning, that's what we're seeing. How do you make that available? Customers want on architecture, what do you recommend? Control plane, data plane, how do you think about that? It's interesting, there's architectural reasons to think about it in terms like that, and there's other good architectural reasons to not think about it. There's sort of this dividing line in the cloud where your cloud service provider takes over and provides you with the opportunity to say, I don't know and I don't care. As long as it's secure. As long as it's secure, absolutely. But there's sort of that waterline idea where if it's below the waterline, let somebody else deal. What are some of the table stakes? Because I like that approach. I think that's a good value proposition. Store it, what boxes have to be checked? Compliance, secure, what are some of the boxes? You need to make sure that you've taken care of all of the same basics if you are still running it. Remember, you can't absolve yourself of your duty to your customer. You're still on the hook. So you have to have backups. You have to have access control. You have to understand who's administering it and how and what they're doing. Good logging, good comprehension there. You have to have anomaly detection, secure operations. You have to have all of those compliance check boxes, especially if you're doing a regulated data type, like PCI data or HIPAA health data, or you know what, there's other countries besides the United States. There's other kinds of compliance obligations there. So you have to make sure that you've got all of that taken into account. And remember that, like I said, you can't absolve yourself of those things. You can share responsibilities, but you can't walk away from that responsibility. So you still have to make sure that you validate that your vendor knows what they're talking about. I wanted to ask you about the cybersecurity skills gap. So I'm kind of doing a little segue here because you mentioned you've been with Ivan for about two years. Almost. Almost two years. You started with a team of four. You've grown at 10X in less than two years. How do you accomplish that? Considering we're seeing one of the biggest skill shortages in cyber in history. It's amazing. You know, you see this show up in a lot of job ads where they ask for 10 years of experience in something that's existed for three years. And it's like, okay, well, if I just be logical about this, I can hire somebody at less than the skill level that I need today and bring them up to that skill level. Or I can spend the same amount of time hoping that I'll find the magical person that has that set of skills that I need. So I can solve the problem of the skills gap by upskilling the people that I hire. Which is strangely contrary to how this thing works. Well, the other thing too is the markets evolving so fast that carry up and pulling along someone along or building and growing your own, so to speak, is workable. It also really helps us with a bunch of sustainability goals. It really helps with anything that has to do with diversity and inclusion. Because I can bring forward people who were never given a chance. And say, you know what? You don't have that magical ticket in life, but damn, you know what you're talking about. That's a classic pedigree. I went to this school, I studied this degree. There's no degree for how to stop a hacker using state-of-the-art malware. Exactly, what I do today as a job didn't exist when I was in post-secondary at all. So. What do you hire? What do you look for? I mean, I see problem solving. What's your kind of algorithm for hiring? Oh, that's a really interesting question. The quickest sort of summary of it is, I'm looking for not a jerk. Not a jerk? Yeah, okay. Because it turns out that the quality that I can't fix in a candidate is I can't fix whether or not they're a jerk. But I can upskill them. I can educate them. I can teach them of a part of the world that they've not had any interaction with. But if they're not going to work with the team, if they're going to be, look at me, look at me, if they're going to not have that moment of, I have this great job and I get to work today. And that's awesome. That's what I'm trying to hire for. Because it's- He should miss teamwork. Collaboration. Cooperation. Curiosity. It's a thing. Yeah, absolutely. Those things, oh, absolutely. Those things are really, really hard to interview for. And they're impossible to fix after the fact. So that's where you really want to put the effort. Because I can teach you how to use a computer. I mean, it's hard, but it's not that hard. Yeah, yeah. Well, I love the current state of data management. Good overview. You guys are in the good position. We love Open Source. We've been covering it since theCUBE started. It continues to redefine more and more of the industry. It is the software industry now. There's no debate about that. If people want to have that debate, that's kind of waste of time. But there are other ways that are happening. So I have to ask you, as things are going forward with innovation, okay, if Open Source is going to be the software industry, where's the value? That's a fun question. Wow. Is it going to be in the community? Is it the integration? Is it the scale? If you're open, then you have low switching costs. Yeah, so when you look at Ivan's commitment to Open Source, a huge part of that is our Open Source project office, where we contribute back to those core products, whether it's parts of the Apache Foundation or Postgres or whatever, we contribute to those because we have staff who work on those products. They don't work on our stuff. They work on those. And it's like the opposite of a zero sum game. It's more like Nash equilibrium. If you ever watched that movie, A Beautiful Mind, that great idea of you don't have to have winners and losers. You can have everybody loses a little bit, but everybody wins a little bit. Yeah, and that's the open ethos. And that's where it gets tied up. Okay, so another follow-up on that. The other thing I want to get your reaction on is that now in this modern era of Open Source, almost all corporations are part of projects. I mean, if you're an entrepreneur and you want to get funding, it's pretty simple. You start an Open Source project, how many stars you get on GitHub guarantees a series C ground, pretty much. So Open Source now has got this new thing going on where it's not just Open Source folks who believe in it, it's an operating model. Yes. What's the dynamic of corporations being part of the system? It used to be, oh, what's the balance between corporate and influence? Now it's standard, what's your reaction? They can do good and they can do harm. And it really comes down to why are you in it? So if you look at the example of Open Search, which is one of the data products that we operate in the Ivan system, that's a collaboration between Ivan. Hey, we're an awesome company, but we're nowhere near the size of AWS and AWS, where we're working together on it. And I just had this conversation with one of the attendees here, where he said, well, AWS is going to eat your story there. You're contributing all this to the Open Search platform and then AWS is going to go and sell it and they're going to make more money and I'm like, yep, they are. And I've got staff who work for the organization who are more fulfilled because they got to deliver something that's used by millions of people. And you think about your jobs, that moment of, I did a cool thing today. That's got a lot of value in it. And being part of something. Exactly. 100%. And we end up with a product that's used by millions. Some of it, we'll capture because we do a better job running at the AWS does, but everybody ends up winning out of the backend. Again, everybody lost a little, but everybody also won. And that's better than that whole, you have to lose so that I can win. At zero something. Well, I think the silo conversations are coming. What's the balance between siloing something and why that happens and then what's going to be freely accessible for data because real-time information is based upon what you can access. Hey Siri, what's the weather we had a guest on earlier? It says, oh, that's a data query. Well, if the weather stored in a database that's out here and it can't get to the response on the app, yeah, that's not good. But the data's available, it just didn't get delivered. Exactly. This is an example of what people are realizing now, the consequences of this data, collateral damage or economy value. Yeah, and it's understanding how data fits in your environment. And I don't want to get on the accountants too hard, but the accounting organizations, AICPA and ISAE and others, they haven't really done a good job of helping you understand data as an asset or data as a liability. I hold a lot of customer data. That's a liability to me. It's going to blow up in my face, right? We don't talk about the income that we get from data. Google, we don't talk about the expense of regenerating that data. We talk about, well, what happens if you lose it? I don't know. We're circling the drain around fiduciary responsibility. And we know how to do this. If you own a manufacturing plant or if you own a fleet of vehicles, you understand the fiduciary duty of managing your asset. But because we can't touch it, we don't do a good job of it. How far do you think are people getting into the point where they actually see that asset? Because I think it's out of sight, out of mind. Now there's consequences. There's now public companies might have to do filings. There's now sustainability and data. Like, wait a minute, I got to deal with these things. It's interesting. You know, we got this great benefit of the move to cloud computing and the move to utility-style computing. But we took away that. I got to walk around and pet my computers. Like, oh, this is my good database. I'm very proud of you. Like we're missing that piece now. And when you think about the size of data centers, we become detached from that. You don't really think about, you know, Ivan operates tens of thousands of machines. It would take entire buildings to hold them all. You don't think about it. So how do you recreate that visceral connection to your data? Well, you need to start actually thinking about it. And you need to do some of that tokenization. You know, when was the last time you printed something out? Like, you know, you get a report and it happens to me all the time with security reports. I get a security report and it's like 150 page PDF. Scroll, scroll, scroll, scroll. Print it out. Stump it on the table in front of you. Oh, there's gravitas here. There's something here. Start thinking about those records. Count them up and then try to compare that to something in the real world. You know, my wife's a school teacher. Kindergarten to grade three. And tokenizing math is how they teach math to little kids. You want to count something? Here's 10 things, count them. Well, you've got 60,000 customer records where you have two billion data points in your IoT database. Tokenize that. What does two billion look like? You know, what does a million dollars look like in the form of $100 bills on a pallet? All right, tokenize that data, create that visceral connection with it, and then talk about it. So when you say tokenize, you mean like token as in decentralization token? No, I mean like create a totem or an icon of it. A thing you can hold. So, you know, if you're a mortgage company, if you're a mortgage company, take that customer record for one of your customers, print it out and hold the file. Like in a Manila folder, like it's 1963, hold that file and then say yes. And you're explaining it to somebody, say yes. And we have three million of these. Yeah, yeah. If we printed them all out, it would take up a room this size. It shows the scale. Right, exactly. Create that connection back to the human level of interaction with data. How do you interact with a terabyte of data? But you do. Right. But what's- She hits upgrade on Google Drive. Yeah, what's a terabyte, right? We don't hold that anymore. Right, right. Great conversation. Recreate that connection. Talk about data that way. The visceral connection with data. We'd love to dig more and love the approach. Love open source, love what you're doing there. That's a very unique approach. And it's also an alternative to some of the other vast growing, yes, your valuations are very high too. So you're not too far away from these big valuations. So congratulations. Absolutely. Yeah, excellent. I'm sure there's lots of work to do, lots of strategic work to do with that round of funding, but also lots of opportunity that it's going to open up. And we know you don't hire jerks. I don't. You have a whole team of non-jerks. That's pretty awesome, especially 40 of them. That's impressive, James. It is. Congratulations to you on what you've accomplished in the course of the team. And thank you for sharing your insights with John and me today. We appreciate it. Thanks very much. Thanks for being great. Awesome. For John Furrier, I'm Lisa Martin and you're watching theCUBE live in New York City at AWS Summit NYC 22. John and I will be right back with our next segment. Stick around.