 Live from Washington D.C., it's Cube Conversations with John Furrier. Hello everyone, welcome to this special Cube Conversation. I'm John Furrier, the host of the Cube, co-founder of SiliconANGLE Media Inc. We are here in the Washington D.C. Beltway area. We're actually at Amazon Web Services, Public Sector Headquarters in Arlington, Virginia. My next guest is John Wood, the CEO and Chairman of the Board of Telos, a big provider of some of the big contracts, certainly with Amazon, the CIA among others. Welcome. Thank you very much John. Thanks for joining me. I'm glad to be here. So, you guys have been pretty instrumental. We were talking to Teresa Carlson earlier with an exclusive interview with her and we talked about the shot heard around the cloud. That was the CIA, Amazon win four years ago. Yes. Kind of infiltrated the government area. It's almost a gestation period. Now you got DOD action, ton of other opportunities, but it really is an architectural mindset changeover from the old way. Yes. You guys are involved in this with Telos. What's your take? How are you guys involved? What's going on? Yeah, so it was groundbreaking when the CIA made the determination that they were going to move to the cloud for sure. It kind of made everybody stand up and take notice. You know, if the most security conscious organization in the world was considering it, why aren't I? And here we are four years later. So where is the CIA now? Well, now the CIA is able to provision a server in a couple of minutes, whereas in the past, it used to take them almost a year. Now with the use of automation tools like we have with Telos and the Exactus suite, you know, the CIA is able to get their authority to operate in less than a week when it used to take 18 months. So I basically think what's happening is the cloud is providing an access point to IT modernization and the agency is showing that there's a blueprint that the rest of the government can also follow if they want to. One of the things we're involved in a lot of blockchain coverage as well as kind of taking the tires on blockchain, you're in the middle of a cloud game with identity. Identity is the secret to having good scalable systems because when you have good identity, good things happen. In blockchain, it's the people saying the theory of all this and in IT, it's what identity you're gonna use. How does the authority to operate challenge you mentioned become so important because you're talking about massive amounts of time. I mean, time savings. So just tease out the nuances of why it's so important to have that identity solution. So in the past, there was no common language within which our cybersecurity professionals could engage with each other. Now with the signing of the president's executive order on cybersecurity, the White House really is mandating the adoption of the NIST framework. What's relevant there is that on the one hand, it provides you with a common language but on the other hand, it's 1100 controls. So as a result, automation is gonna be key to making sure that people can work with each other and to making sure that actually the adoption actually takes off. And that they're safe, they know the trusted party. Is trust a big part of this? I think what's happening because the intelligence community has been working so closely together. And when I say the intelligence community, it's not just the traditional CIA, NSA, NRO, et cetera. It's also the military component of the intelligence community. So you've got almost 38 assessors that are assessing C2S and SC2S, you know, the secret if you will cloud in the top secret cloud. And those assessors all have been working in the same community under this framework. And I think that has given them the confidence that the data is protected. And as a result, they're heading much closer to reciprocity than ever before. There's been observations certainly on theCUBE. We've said this many times over the past few years and tracking IT over the years, IT transformation, digital transformation, whatever you want to call it buzzword. The reality is you had some progressives that would move faster and kick the tire certainly financial services in some areas. You see that really no problem. Then you had the folks who are just been consolidated down, didn't have a lot of budget and were lagging, waiting to adopt. Now there's no excuses with cybersecurity top of mind with hacking, malware, ransomware, cyber warfare from nation states, sponsored states and open source. It's out of control. It is. So the security equation is forcing IT to move. The action has to be taken. What are you guys seeing in this area? Because this is a big story and it's really putting a fire under everyone to move. And it's long overdue. I mean, I co-wrote an article with our chief security officer in 2011 talking about why the cloud was the way to go for federal, state, local and education customers. And at the end of the day, I think what's happening from a top cover perspective, the legislative community understands that. Obviously the executive branch understands that. And now with initiatives like C2S, the rest of the environment, the rest of the government can see what's possible. So I believe that the leadership within the government is ready for this change. They're seeing the benefit as it relates to C2S and SC2S. And ultimately, the key is the guys who run the contracts themselves, you got to make sure that those guys want that to embrace that change too. Yeah, so you have that. Right now, if you look across the government, 80% of IT spend is going back into maintenance. If you look at all my commercial customers, it's somewhere between 20 and 25%. What does that mean? It basically means that the government has a lot of legacy systems, which means that there's a lot of threats, and which means there's a real cyber security problem. I believe fundamentally by moving workloads to the cloud, you'll be eliminating a lot of those cyber security problems. Yeah, it's interesting. Security's going to be the driver. The other thing I wanted to bring up, especially here in DC and public sector, is transparency. Now everyone's going to see everything. We're in a data-driven world. You can't hide either. The light is on. It's right there on the table. No more hiding. How has transparency been impacted in the procurement process and the sales motions, the overall engagements with Gov and public sector customers? I think truth be told, there have been a lot of ideas that were short-term and not really thoughtful. But the good news, as I said, is that the policymakers are really thinking and considering trying to figure out how to make changes. Take for example, LPTA, low price, technically acceptable. When I went to the Congress and talked to both of the House and the Senate side and talked about how if I have one customer who's gotten hacked and the other customer has the same hack, but one happens to be a government customer, one's a commercial customer, the resources that we have are really trained, highly skilled, highly sought after resources. Well, my commercial customers are willing to pay 300 to 400% more than my government customers are. So when you have scarce resources, where are you going to apply them? You're going to apply them where the people who are going to pay you. So my point to the Congress was simply to say, hey man, you get what you pay for. And so ultimately the good news is that both on the House and the Senate side that they eliminated LPTA as it relates to cybersecurity goods and services. So I believe that, again, that there's a lot of, not just transparency happening, but there's a lot of people realizing that there are things that we can do. Procurement is kind of the last frontier for me. I have seen recently, I saw one of our government customers where we're a subcontractor, they went with something called an OTA, which stands for an other transaction agreement. Big part of the problem in the government these days is everybody protests everything and there's really no downside to the protesting. With an OTA, it's not protestable. So I am seeing our government customers begin to think about other means of actually doing things like procurement and so that you can actually acquire. Are they going to have instant replay? I mean, it sounds like the NFL. That call is not reversible. I mean, this is kind of, we're getting into all these rules and regulations where you got protest. It seems that policy injection is not healthy at some level because that point about what costs more in the commercial side, because the demand there, they understand the consequences and the resource availability to the government. You just eliminated a policy that wasn't really helping. So policy is a real consideration in here. I think so. Again though, it's a different environment than it was five or six years ago and I do think that there are some real positive things that are happening. I agree with you that there's a groundswell of support behind the cloud and certainly players like us see the benefit associated with that shared security model. One of the things we've been observing and tracking on SiliconANGLE theCUBE is this notion of public-private collaboration. Sharing data is a huge deal. Certainly in cyber, people realize that data is valuable. Certainly at scale, you see patterns you might not see. Customers on workloads here and there need to be identified. If you're not sharing the data, you don't know. So data sharing is a big deal but also collaborations between the private and public sector. Can you comment on what's going on there because we're seeing some movement where we're seeing security agencies saying, hey, we'll share some stuff. You share some stuff with me. So is he seeing a little bit of a community developing heavily around data sharing? What's your take on that? So I think we have a ways to go to make it work right because if it was working right, you wouldn't see the very publicized hacks that have gone on. One of the things that the Congress can do, I think, is to provide incentives for the private sector to share more information more quickly. When the Yahoo! hacks occurred, it wasn't discovered until two or three years later. So as a result, there's really, like I said, there's no incentive and there's a perceived amount of liability. So one of the things that I'm asking some of our Congress people to consider is if you do share information, maybe there's a limitation on liability. And that provides, if you will, a mechanism and that provides an incentive for the private organizations to work with the public organizations. So not to bury it. Like Yahoo! tried to bury that thing and they came out later. Exactly. There's no sense in burying it. There really, there should be no reason to bury. All right, take a minute and talk about tell us what you guys are doing. You're the chief executive. What's going on with the company? Talk about the successes, where you guys are winning, your challenges and opportunities. Sure. We're in the business of, we do cybersecurity, we do identity, we do secure mobility. In the area of cybersecurity, I'm very proud about the fact that we're the database of record for the intelligence community. Many department defense agencies use us, Homeland Security. To the department of state, there's a whole bunch of organizations that tend to work with us. I think that the issue for me has always been around investing in things that make our customers more efficient. So whether it's cybersecurity, it's one thing to provide the authority to operate, but I like to provide that authority to operate on a continuous basis. When we talk about identity, it's one thing to say that I am who I say I am, but it's another thing to let you know that I'm actually somebody that's trustworthy. So we have a special relationship with the FBI that allows us to do real-time data lookups on their people. We were the integrator of record for the common access card, the military ID card. We have been for a long time. So from that, we built a business relationship with the TSA and now we have about 70 airports across America that use our service to do identity as a service for all of their employees. Can you get me to cut the line at TSA at pre? You know, yeah, it's a, if you want to cut the line on TSA pre-check. Quality of service opportunity and people will pay more for that. Absolutely. And plus I also think TSA pre-check wants to have a lot more people in that ecosystem too. It's no different than when the EasyPass came in into play years and years ago. I remember zooming through the EasyPass and just wondering why people want to stand in line. Why would you? Right? And then if you think about it, we're also involved with secure mobility. So we have a capability called Tellos Ghost that allows you to basically hide on a network. You're familiar with the notion of signal hopping. You know, in World War II, that's how we avoided detection by the enemy. So this is what we invented here was something around IP hopping. So as a result of that, whether you're a server-facing thing or a client-facing thing or a mobile device, you can't be seen on the network. And if you can't be seen on the network, you can't be hacked. Well, that's awesome stuff. Your relationship with Amazon Web Services. So talk about that, some of the things you're involved in, the deals, momentum. What's the relationship look like between you guys? So we have an enormous relationship with Amazon. Most important partner we have. We have a, it started with the agency. And I was in a meeting with Teresa Carlson and one of the senior people in the agency. And we wondered whether or not we could do for the, we Tellos can do for the cloud, which we've been doing for the enterprise for the better part of 15 to 17 years now, which is basically providing that authority to operate in an automated way. And so we invested together and we were able to prove that we could absolutely do that. Now what we're doing is we're basically copying and pasting that model to our customers across the government. And you guys put a stake in the ground in 2011. You were early. I mean, 28 was the beginning of the DevOps movement. You were in the heart of it in 2011. What's the biggest thing that you've learned or observed or experienced over those years since 2011? The biggest thing. Or just the most important. That is an enormous question. It could be the most important, most relevant, most surprising, some of that. The most important thing was they got married in 2012. I have a four-year-old and a two-year-old and a 14-year-old and eight-year-old. Was it really you who got married? Was it your identity? It was really me and it was my identity. I will say, I think that the government is embracing efficiency. The government is embracing change. I think it started around 2014 or 15 and now it's really moving out. I think there's a lot of top cover, both from a policy side and the executive side, and I'm seeing a lot of leadership from within the government itself of people who want to make the change happen. Yeah, and it's also the competitive fairness question we're hearing just here in town yesterday, rumblings of one-source cloud, multi-cloud. I mean, Amazon technically is a one-source cloud. They've got an ecosystem. Should they have multi-cloud and the requirements? All these things are kind of, almost feel like that protest model's going on, like there's a little of the fud going on everywhere from the other vendors. Do we expect to see more of that in your mind or less of it? Well, I think at the end of the day, the chips are taking off the table. The people that don't want change are the ones who are, if you will, very invested in the legacy. If those people are paid, time and material are cost-plus, they're not paid to be efficient. So there's going to be pushback. On the other hand, we've seen by the gigantic growth of the adoption of the cloud and by the cloud infrastructure and the cloud ecosystem itself, there are enormous opportunities for organizations out there. So I think people should embrace the change. I really do. I think fundamentally it's going to be a really big positive to this industry and into this region. I mean, I always say to Dave, well, I think my co-host is like no brainer. You look at the mainframe. That was the generation when I was growing in the industry. It's like I was the young gun. Look at mainframe, co-ball. Who the hell wants that? Mini computer. I want the client server. So it's pretty obvious when you're in it. So I got to ask you with that in mind. Cloud is pretty obvious to folks who understand DevOps and automation, those efficiencies. You mentioned authority to operate as an example. Some of these numbers are pretty significant. So let's go down the problem. Is it important? What are the consequences? How do you quantify it? So the problem that people are trying to solve is how do I get resources? Computing, software, whatever. Pretty important because now you got security, you got all kinds of stuff. What are some of the consequences? And you mentioned some benchmarks that you've quantified. You mentioned provisioning a server in a year. Is that really true? I mean, so give me some data on those, some of these consequences kind of old way. Well, in the old way, traditional procurement methods, like I said, one of the big issues is whether it was a culture or it was procurement rules or just the process to get an approval, it would take a year to get a server provisioned. Now it's literally you push a button and one to two minutes later you have a server, a new server. So you get ultimate scale, you get ultimate throughput, you pay as you go, you pay what you use, what's not to like? So that's all good. From the standpoint of security, because it's the NIST framework, we can automate about 90% of that. That's 1100 controls, right? So we automate about 90% of those 1100 controls. Now you get a whole bunch of auto inheritance, a whole bunch of things that can be automated are and as a result, when NIST goes from one version of NIST to another version, all that happens automatically. And more importantly, as a cybersecurity professional, and I've only been at it since 1994, so I've been in it for relatively long time as a CEO, as a cybersecurity professional, you know what I see is, as long as I can show a continuous monitoring of your current status, that's very relevant to the operational security professional, that's really good. So for us, we know that our customers are going to be a combination of cloud, hybrid, and on-prem. These large organizations are going to take years and years and years to move to the cloud, but they got to start because now's the time. So automation and having that nice stack where you can automatically updates and auto provisioning, auto scaling, but the operational provisioning piece is really where the rubber meets the road, right? Is that where you're getting at? Well, it's that. It's also you're consolidating your data centers. You don't need lots of them anymore. You can just focus on one. That's another big area. Another big area is you can lift and shift your legacy IT infrastructure into the cloud and then put the big investment into the new application as it's sitting in there in the cloud. Awesome. John, thanks for joining us here in the CUBE conversation. Here at Amazon, web services headquarters breaking down the trends in GovCloud public sector as cloud computing really levels the playing field, opens up new doors, new solutions, faster time to operate and buy other things here. In Washington, DC, in Arlington, Virginia, I'm John Furrier. Thanks for watching.