 Good afternoon, guys and gals. Welcome back to theCUBE's live coverage of AWS re:Invent 2022. We've been in Sin City since Monday night, giving you a load of content. I'm sure you've been watching the whole time, so you already know. Lisa Martin here with John Furrier. John, we love having these conversations at AWS re:Invent. So many different topics of conversation. We also love talking to AWS's partner ecosystem. There's so much emphasis on it, so much growth and innovation. Yeah, and the thing is, we've got two great leaders from a very popular company that's doing very well. Security, security's a big part of the story. Data and security, taking up all the keynote time. You're hearing a lot of it. This company's coming to be followed from the beginning, doing really good stuff in open source, cloud native. Security shifting left. Snyk is a great company, but the CTO and the head of the product organization, these guys have the keys to the kingdom and security. We're going to have a great conversation. Yeah, we are. Both from Snyk. Manoj Nair joined us. He rejoins us for your, I believe, 11th visit, Chief Product Officer at Snyk. Adi Sharabani, Chief Technology Officer. Welcome, guys. Great to have you. Thank you. Great to be back. So what's going on at Snyk? I know we get to talk to you often, but Manoj, give us a low down. What are some of the things that are new since we last connected with Snyk? A lot of innovation going on. We just had a major launch last month. And you know, when we talk to our customers, three big things are happening in parallel. One is the shift to going from traditional development to really DevOps, where we need to make that DevSecOps. And Snyk was the head of, that was the genesis of Snyk, who are still, you know, maybe 15, 20% of organizations have realized that. So that one big theme, supply chain security, top of mind for everyone. And then really cloud and, you know, how do you really take advantage of cloud?
Cloud is code. So our innovation mapped to those three big themes. We have done a lot in terms of that shift left and Adi will talk about kind of some of our original, like, you know, thinking behind that. But we flipped the security paradigm on its head. Was to make sure developers loved what they were, you know, experiencing with Snyk. And by the way, they're fixing security issues. The second one, supply chains or, you know, SBOMs. And everyone hears about this and executive orders. What do you do? Who does what with that? So we launched a few things in terms of simplifying that. You can go to our website and, you know, just upload your SBOMs. It'll tell you using the best security intelligence data. In fact, the same data is used by AWS inside their products, inside Inspector. So we use that data from Snyk's intelligence to light up and tell you what vulnerabilities do your third-party code have. Even things that you might not be scanning. And then the last one is really code to cloud. Cloud is code. So we have brought the ability to monitor your cloud environments all the way into your platform and the security engineering teams rather than later on and after the fact. Those are some of the big ones that are working. Lots going on. Yeah, lots going on there. I mean, SBOMs, software bill of materials. I mean, who would have thought in the developer community going back a decade that we've talked about bill of materials, open source, it becomes so popular. You guys are cloud native. Developer productivity is a hot trend. Not much going on here, talking about developer productivity. Maybe Werner's keynote tomorrow will talk about it. Software supply chain, huge security risk. You guys are on the front lines. I want to understand if you can share why is Snyk successful? Everyone is hearing about you guys, your business is doing great. What's the secret sauce of your success? So why are you guys so successful?
I think that I've been doing application security for more than two decades now. And in the past, we always saw the potential associated with transferring shift in left, in a sense, before the term, taking those security solutions out of the hands of the security people and putting in the hands of developers. It's been out of the process. It's very, very clear to anyone. The problem was that we always looked at it in the wrong way. We did shift left. And shift left is not enough because in my terminology, shift left meaning let's take those security solution, put it earlier in the cycle. But that's not enough because the developer is not speaking those terms. The developer is not a security persona. The security persona is thinking in terms of risk. What is the risk that the specific issue creates? The developer is thinking in terms of the application. What will be the impact on the application of a change that we might make into it? And so the root cause of Snyk's success, in my opinion, is the fact that from the get-go, we scratch that, we build a solution for the developer that is based on how the workflows of the developer, whether it's the IDE, whether it's the change management, the pull request, whether it's integration with the geeks and so on, and whether it's with integration with the cloud and the interaction with the cloud providers. And doing that properly, addressing the developers how they want to context, to get with the context they want to get as part of the issues. With the workflows they want to get, that's kind of the secret sauce in a sense. And very easy, maybe to say, but very, very hard to implement properly. This is huge. The impact that I want is just great call out, great description. This is huge. This is a, we're seeing the past three years in particular, maybe three with the pandemic. Okay, maybe go a couple of years earlier, then the developers' behavior is driving the change.
And if you look at the past three DockerCons, we've covered, we've been powering that, that sidemen following that community very closely since the beginning as well. It just seems in the past three to four years that the developers' choices at scale, not what they're buying or who's pushing tools to them, has been one big trend. They're setting the pace. If it's self-service, we've seen self-service, whether it's freemium to paid, that works. This is the new equation. Developer choice is critical, so self-service they want. And two, the language barrier or jargon between, or mindset between security and developers. Okay, so DevOps brings IT into the workflow, check. DevSecOps brings in there. You guys cracked the code on that. Is that what you're saying? Yes, and it's both the product, like how do you use the solution as well as the go-to-market? How do you consume the solution? And you alluded to that with the PLG motion that I think Snyk has done, the superb job at. And that really helped our business scale. Okay, so I'm gonna use product. You get the keys to the kingdom, you get the product roadmap. I could imagine, I want to love to get your reaction to, Adi, if you don't mind. If you do that, what you've done, the consequence of that is now security teams and the data teams can build guardrails. We're reporting a lot of that on theCUBE. We're hearing that we can provide guardrails. So the velocity of the developer seems to be increasing. Do you see that? Is that a consequence? That's something that we actually measure in the product. So Snyk's focus is not finding issues, it's fixing issues. So one of the things we have been able to heuristically look at our thousands of customers and say they're fixing issues 27 days faster than they were prior to Snyk. So, you know, I'm a Formula One fan. Guardrails, you say? I say, there's a speed circuit, developers love speed.
We give them the speed, we give the security teams the ability to sit on those towers and put the right policies and guardrails in place to make sure that it's not speed without safety. And the sure guys are in the luxury box now, partying while the developers are, no more friction, no more fighting, right? That's the culture. The culture is changing. I had a discussion with the Fortune 50 CISO a month ago and they told me, it's the first time in my life where the development teams are coming to me asking me, hey, I wanted you to buy us this security solution. And that was mind blowing for him, right? Because it really changes the discussion with the security teams and the development teams. Before at least, how long? Okay, let me ask you that question on that point. When did that tipping point change culturally? Was it just that few years? Has DevOps kind of brought that in? Yeah, I think it's a journey that happened together with Snyk kind of growth. So if three years ago, it was the very early adopters that were starting to consume that. So companies that are very modern in the way they developed and so on. And we saw it in our business. In the early days, most of our business came from the high tech industry. And now it's like everywhere. You have manufacturing, you have banks, you have like every segment whatsoever. Talk about that cultural shift. That's really challenging for organizations to achieve. Are you seeing, so that CISO was quite surprised the developer came and said, this is what I want. Are you seeing more of that cultural change? Is that becoming pervasive? Yeah, so I think that the root cause of that is that you mentioned the growth, like the increased speed of velocity in applications. We have 30 million developers in the world today, 30 millions, by the end of the decade is going to be 45 millions. And all of them are using open source, third-party code, look at what's going on here in the event, right?
This accelerates the speed for which they develop. So with that, what happened in the digital transformation world, the organizations are facing that huge growth, exponential growth in the amount of technology and products that are being built by their teams, but the way they manage that before from a security perspective just doesn't scale. And it breaks and it breaks and it breaks. This is why you need a different approach, a solution that is based on the developers, who are the ones that created the problems and the ones that will be responsible of fixing the issues. And this is why we are kind of centering ourselves around them. And the world has changed, right? What is cloud? It's code. It's not infrastructure, old infrastructure, hosted infrastructure. So if cloud is code and cloud native applications are all code and they're being deployed with Terraform packages and CloudFormations that's code, why take an old school approach of scanning it outside in? And I talked to a CISO today who said, I feel bad that our policy makes it such that a Terraform change takes six months. What did I do? I made cloud look like infrastructure. So that, so both sides, CISOs want something that the business accepts and adopts and its culture changes happen because the power is with the developers because all of this is code. And we enable that whole seamless journey all the way from code to cloud. So I think that this is part of it. It's bi-direction as a bridge and both sides are meeting in the middle here. It's a bridge. I'm curious, how are you facilitating that bridge? We talk about the developers being the kings and queens and really so influential in business decisions these days. And you're talking about the developers now embracing Snyk. But you're also talking to CISOs. Is your customer conversation level changing as a result of security folks understanding why it needs to shift left?
We had a breakfast meeting with customers, prospects and everyone I think this morning was interesting. We were remarking there are CTOs, VPs of engineering, CISOs, VPs of AppSec. And it was such a rich conversation on both sides. So just the joy of facilitating that conversation and dialogue, CISOs, and so the levels are changing. It started for us in CTOs and VPs of engineering and now it's both. Because one of the things that he talks about is that security has to become doubtful and aware. And that's starting to be the reality, me getting another solution with maybe a better acronym than the old acronym. But it's still outside in, it's camp-based. I light up the Christmas tree, who's going to fix it? And with the speed of cloud, now I got throwing more lights. Those lights are no longer valid. The automation without prioritization and actual empowerment is useless. All right, I know we got a couple minutes left, but I want to get onto that point about automation because inside out you made me think about this. I want to get your thought, Adi, if you don't mind. The integration challenges now are much more part of the ecosystem. More joint engineering, you mentioned, these meetings are not just salesperson and customer buyer, it's teams are talking to each other. There's a lot of that going on. How do you guys look at that? Because now the worst things that I hear in what I talk to customers is, I hate the word pentest and AppSec review. It slows things down. People want to go faster. So how do you guys look at that? What's Snyk doing around making the AppSec review process, integration across companies work better? So I'll give you an example from the cloud and then I will relate to the AppSec. And this relates to what you mentioned before. We had a discussion yesterday with a CISO that said, we are scanning the cloud, we are opening the lights, we see this issue. Now what do I do? Who needs to fix it?
So they have this long process of finding the actual team that is required to fix it. Now they get to the team and they said, why didn't you tell me about it when I developed it? The same goes for AppSec, right? The audit is a very late stage of the game. You want to make sure that the testing, that the policies, everything is under the same structure, the same policies. So when you do the same thing, as part of the first line of code that you create, as part of the change management, as part of the build, as part of the deployment, and as part of the audit, and you have everything together, being done under the same platform, and this is kind of one of the strengths that we bring to the table, the discussion changes. Because now you have an aligned strategy, rather than kind of blocks that we have kind of mashed up together. So the new workflow, it's a new workflow basically in the mindset of the customer. They got to get their arms around that thing. If we don't design it in, the wheels can come off the bus at the 11th hour. Yeah. And everything slows down. I had a discussion with Amazon today, actually, that they had an internal discussion, and they said, some of the teams were like, why have you blocked my app from being released? And they said, have you ever scanned your app? Have you ever looked at your app? And they're like, if you haven't, then you're not really on board with a platform, and it just breaks. This is what happens. Great conversation. I know we don't wish you had more time. We'll do a follow up on theCUBE for sure. Should we get into the new twist? Got one final question for you guys. We're making some Instagram reels. So think about your elevator pitch in 30 seconds. And I want to ask you about Snyk's evolution. Manoj, I want to start with you. What is that elevator pitch about Snyk's evolution to the end user customer?
Empower developers, help them blow faster, more productive, and do it in a way that security is really built in, not bolted on. And that's really, you know, from the evolution and the power that we are giving is make the organization more productive because security is just happening as a part of making the developer more productive. Awesome. And Adi, question for you. How, your elevator pitch on how Snyk is really an enabler for CISOs these days? Yeah, so I always ask the CISO first of all, are you excited about the way your environment looks like today? Do you need to have a cultural change? Because if you need to have a cultural change, if you want to get those two teams working closely together, we're here to enable that. And it goes from the product, it goes from our education pieces that we can talk about in another section, and it works out the language that we build to allow and enable that discussion. Awesome, guys. That was a double mic drop for both of you. Thank you. Thank you so much for joining John and me talking about what's happening with Snyk, what you're enabling customers to do, and how really, you're enabling cultural change. That's hard to do. Awesome stuff, guys. And congratulations on your 11th and your first CUBE interviews. Second, second. Second. Second. I'll be your more, but now... You got it. You got it. You have to come back, because we have too much to talk about. Thanks, guys. We appreciate it. Without one note, so I can catch up. Okay. We'll work on that. We'll bring you to the studio. Exactly. A straight interview. We hope you've enjoyed this conversation. We want to thank our guests. For John Furrier, I'm Lisa Martin. You're watching theCUBE, the leader in emerging and enterprise tech coverage.