 Hey everyone, welcome back to theCUBE's coverage, day two of cloud native security con 23, Lisa Martin here in studio in Palo Alto with John Furrier. John, we've had some great conversations. We had, I've had a global event. This was a global event we had Germany on yesterday. We had the Boston studio. We had folks on the ground in Seattle. A lot of great conversations, a lot of great momentum at this event. What is your number one takeaway with this inaugural event? Well, first of all, our coverage with our CUBE alumni experts coming in remotely this remote event for us. I think this event as an inaugural event stood out because one, it was done very carefully and thoughtfully from the CNCF. I think they didn't want to overplay their hand relative to breaking out from CUBE con. So Kubernetes success and cloud native development has been such a success. And that event and ecosystem is booming, right? So that's the big story is that they have the breakout event. And the question was, was it a good call? Was it successful? Was it going to, was with the dog hunt as they say? In this case, I think the big takeaway is that it was successful by all measures. One, people enthusiastic and confident that this has the ability to stand on its own and still contribute without taking away from the benefits and growth of Kubernetes, CUBE con and cloud native console. That was the key hallway conversations, the sessions all curated and developed properly to be different and focused for that reason. So I think the big takeaway is, is that the CNCF did a good job on how they rolled this out. Again, it was very intimate event, small. Reminds me of first CUBE con in Seattle. Kind of let's test it out, let's see how it goes. Again, clearly it was people successful and they understood why they're doing it. And as we commented out in earlier segments, this is not something new. Amazon Web Services has reinvent and reinforce. So a lot of parallels there I see there. So I think good call, CNCF did the right thing. I think this has legs. And then as Dave pointed out, Dave Vellante on our last keynote analysis was, the business model of the hackers is better than the business model of the industry. They're making more money, it costs less. So they're playing offense and the industry playing defense. That has to change. And as Dave pointed out, we have to make the cost of hacking and breaches and cybersecurity higher so that the business model crashes. And I think that's the strategic imperative. So I think the combination of the realities of the market globally and open source has to go faster. It's good to kind of decouple and be highly cohesive in the focus. So to me, that's the big takeaway. And then the other one is, is that there's a lot more security problems still unresolved. The emphasis on developers productivity is at risk here, if not solved. You saw supply chain software, again, front and center. And then down on the weeds outside of Kubernetes, things like bind and DNS were brought up. You've seen the Linux kernel. Really important things got to be paid attention to. So I think very good call, very good focus. I would love if for us to be able to, as the months go on, talk to some of the practitioners that actually got to attend. There were 72 sessions. That's a lot of content for a small event, obviously to your point, very well curated. We did hear from some folks yesterday who were just excited to get the community back together in person to your point. Having this dedicated focus on cloud native security is incredibly important. You talked about the offense, defense, the fact that right now the industry needs to be able to pivot from being on defense to being on offense. This is a challenging thing because it is so lucrative for hackers. But this seems to be, from what we've heard in the last couple of days, the right community with the right focus to be able to make that pivot. Yeah, and I think if you look at the success of Kubernetes, because again, we were there at the cube, first one of KubeCon, the end user stories really drove, end user participation drove the birth of Kubernetes. Lyft, some of these cloud native early adopters, early pioneers that were using cloud hyperscale really set the table for cloud native con. I think you're seeing that here with this cloud native security con where I think we're going to see a lot more end user stories because of the security, the hairs on fire as we heard from Madrone Adventures, you know, as an investor, you have a lot of use cases out there where customers are leaning in with getting the rolling up their sleeves, working with open source. This has to be the driver. So I'm expecting to see the next level of security con to be end user focused, much more than vendor focused, where KubeCon was very end user focused and then attracted all the vendors in that grew the industry. I expect the similar pattern here where end user action will be very high at the beginning and that will essentially be the rising tide for the vendors to be then participating. So I expect them also similar trajectory to KubeCon. That's a good path. It needs to all be about the end users. One of the things I'm curious if what you heard was what are some of the key factors that are going to move cloud native security forward? What did you hear the last two days? I heard that there's a lot of security problems and no one wants to kind of brag about this, but there's a lot of under the hood stuff that needs to get taken care of. So if automation scales, we heard that from one of the startups we've just interviewed. If automation and scale continues to happen with the business model of hackers still booming, security has to be refactored quickly and there's going to be an opportunity structurally to use the cloud for that. So I think it's a good opportunity now to get dedicated focus on fixing things like the DNS stuff, old school, under the hood plumbing, networking protocols. You can start to see this super cloud like an environment emerge where data's involved, everything's happening and so security has to be reimagined and I think there's a do over opportunity for the security industry with cloud native driving that and I think this is the big thing that I see as an opportunity to, from a story standpoint, from a coverage standpoint, is that it's a do over for security. One of the things that we heard yesterday is that there's a lot of, it's a pretty high percentage of organizations that either don't have a sock or have a very primitive sock, which kind of surprised me that at this day and age, the risks are there. We talked about that today's focus in the keynote was a lot about the sock or supply chain and what's going on there. What did you hear in terms of the appetite for organizations through the voice of the practitioner to say, you know what guys, this is, we got to get going because there's going to be, the hackers are, they're here. I didn't hear much about that in the coverage because we weren't in the hallways but from the, from reading the tea leaves and talking to the folks on the ground, I think there's an implied, like there's an unlimited money from customers. So it's a very robust from the data infrastructure stack building we covered with the angel investor over cane. You're seeing data infrastructure is going to be part of the solution here because data and security go hand in hand. So everyone's got basically a checkbook wide open. Everyone wants to have the answer and we commented that the co-founder of Palo Alto, Yanar Coverage yesterday was saying that, you know, there's no real platform. There's a lot of tools out there. People will buy anything. So there's still a huge appetite and spend in security and but the answer is not going to more tool sprawling. It's going to more platform, some of that enables automation, fix some of the underlying mechanisms involves and fix it fast. So to me, I think it's going to be a robust monetary opportunity because of the demand on the business side. So I don't see that changing at all and I think it's going to accelerate. It's a great point in terms of the demand for the business side, because as we know, as we said yesterday, the next log four J is out there. This not a matter of if this happens again, it's when it's the extent, it's how frequent. We know that so organizations all the way up to the board have to be concerned about brand reputation. Nobody wants to be the next big headline in terms of breaches and customer data being given to hackers and hackers making all this money on that. That has to go all the way up to the board and there needs to be alignment between the board and the executives at the organization in terms of how they're going to deal with security and now this is not a conversation that can wait. Yeah, I mean, I think the five C's we talked about yesterday, the culture of companies, the cloud as an enabler, you got clusters of servers and capability Kubernetes clusters. You got code and you got all kinds of things going on there. Each one has elements that are at risk for hacking, right? So that to me is something that's super important. I think that's why the focus on security is different and important, but it's not going to fork the main event. So that's why I think the spin out was a spin out or the new event is a good call by the CNCF. One of the things today that struck me, they're talking a lot about software supply chain and that's been in the headlines for quite a while now. And a stat that was shared this morning during the keynote just blew my brains that there was a 742% increase in the software supply chain attacks occurring over the last three years. It's during COVID times. That is a massive increase. The threat landscape is just growing so amorphously, but organizations need to help dial that down because their success and the health of the individuals on the end users is at risk. Well, COVID is an environment where everyone's kind of working at home. So there was some disruption to infrastructure. Also when you have change like that, there's opportunities for hackers they'll arbitrage that big time. But I think generally the landscape is changing. There's no perimeter anymore. It's cloud native, this is where it is. And people who are moving from old IT to cloud native, they're at risk. That's why there's tons of ransomware. That's why there's tons of risk. There's just hygiene from hygiene to architecture. And like Nick said from Palo Alto, the co-founder, there's not a lot of architecture and security. So yeah, people have bulked up their security teams, but you're going to start to see much more holistic thinking around redoing security. I think that's the opportunity to propel cloud native. And I think you'll see a lot more coming out of this. Did you hear any specific information on some of the cloud native projects going on that really excite you in terms of, these are the right people going after the right challenges to solve in the right direction? Well, I saw the sessions. And what the time sessions was, it's a lot of extensions of what we heard at KubeCon. And I think what they want to do is take out the big, big items and break them out in security. KubeScape was one we just covered. They want to get more sandbox type stuff into the security side that's very security focused, but also plays well with KubeCon. So we'll hear more about how this plays out when we're in Amsterdam coming up in April for KubeCon to hear how that ecosystem, because I think it'll be kind of a relief to kind of decouple security because that gives more focus to the stakeholders in KubeCon. There's a lot of issues going on there and service meshes and whatnot. So it's a lot of good stuff happening. A lot of good stuff happening. One of the things that'll be great about KubeCon is that we always get the voice of the customer. We get vendors coming on with the voice of the customer talking about, in that case, how they're using Kuber and it needs to drive the business forward. But it'll be great to be able to pull in some of the security conversations that spin out of cloud native security con to understand how those end users are embracing the technology. You brought up, I think, near Zook from Palo Alto Networks. One of the themes there when Dave and I did their Ignite event in December was 22, was really consolidation. There are so many tools out there that organizations have to wrap their heads around and they need to be able to have the right enablement content, which this event probably delivered, to figure out how do we consolidate security tools effectively, efficiently, in a way that helps dial down our risk profile because the risks just seem to keep going. Yeah, I love the technical nature of all that. I think this is going to be the continued focus. Chris Anisek, who's the CTO, listed like E and BPF, we covered Liz Rice as one of the most three important points of the conference. And it's just, it's very nerdy and that's what's needed. I mean, it's technical. And again, there's no real standards bodies anymore. The old days, developers, I think it's super important to be the arbiters here. And again, what I love about the CNCF is that they're developer focused and we heard developer first, even in security. So, you know, this is a sea change. And I think, you know, developers' choice will be the standards bodies. They decide the future. I think having the sandboxing and bringing this out will hopefully accelerate more developer choice and self-service. You've been talking about kind of putting the developers and the driver status really being the key decision makers for a while. Did you hear information over the last couple of days that validates that? Yeah, absolutely. It's clearly the fact that they did this was one. The other one is that engineering teams and dev teams and script teams, they're blending together. It's not just separate silos and the ones that are changing their team dynamics, again, back to the culture are winning. And I think this has to happen. Security has to be embedded everywhere and making it frictionless and to provide kind of the guardrail so developers don't slow down. And I think where security has become a drag or an anchor or a blocker has been just configuration of how the organization's handling it. So I think when people recognize that the developers are in charge and there should be driving the application development, you got to make sure that's secure. And so that's always going to be friction. And I think whoever does it, whoever unlocks that for the developer to go faster will win. Right, oh, that's what I'm sure. Magic to a developer is the ability to go faster and be able to focus on code development in a secure fashion. What are some of the things that you're excited about for KubeCon? Here we are in February, 2023. And KubeCon is just around the corner in April. What are some of the things that you're excited about based on the groundswell momentum that this first inaugural clouding of security con is generating from a community, a culture perspective? I think this year's going to be very interesting because we have an economic challenge globally. There's all kinds of geopolitical things happening. I think there's going to be very entrepreneurial activity this year, more than ever. I think you're going to see a lot more innovative projects, ideas hitting the table. I think it's going to be a lot more entrepreneurial just because the cycle we're in. And also I think the acceleration of mainstream deployments out of the CNCS main event, KubeCon will happen. You'll see a lot more successes scale, more clarity on where the security holes are or aren't where the benefits are. I think containers and microservices that they're continuing to surge. I think the cloud scale, hyperscale as Amazon, Azure, Google will be more aggressive. I think AI will be a big theme this year. I think you'll see how data is going to infect some of the innovation thinking. I'm really excited about the data infrastructure because it powers a lot of things in the cloud. So I think the Amazon web services, Azure, Next Level, GenClouds will impact what happens in the cloud native foundation. Did you have any conversations yesterday or today with respect to AI and security? Was that a focus of anybody who's going to talk to me about that? Well, we weren't on the, I didn't hear any sessions on AI but we saw some demos on stage but they're teasing out that this is an augmentation to their mission, right? So I think a lot of people are looking at AI as, again, like I said, there's the naysayers who think it's kind of a gimmick or nothing to see here. And then some are just going to blown away. I think the people who are alpha geeks in the industry connect the dots and understand that AI is going to be an accelerant to a lot of heavy lifting. That was either manual, you know, hard to do things that was boring or muck as they say. I think that's going to be where you'll see the AI stories where it's going to accelerate either ways to make security better or make developers more confident and productive. Or both? Yeah, so definitely AI will be part of it. Yeah, definitely. One of the things too that I'm wondering if, you know, we talk about cloud native and the goal of it, the importance of it. Do you think that this event, in terms of what we were able to see, obviously being remote, the event going on in Seattle, us being here in Palo Alto in Boston and guests on from Seattle and Germany and all over, did you hear the really the validation for why cloud native security is, why cloud native is important for organizations whether it's a bank or a hospital or a retailer? Is that validation clear and present? Yeah, absolutely. I think it was implied. I don't think it was like anyone's trying to debate that. I think this conference was more of it's assumed and they were really trying to push the ability to make security less defensive, more offensive and more accelerated into the solving the problems for the businesses that are out there. So clearly the cloud native community understands where the security challenges are and where they're emerging. So having a dedicated event will help address that. And they got great co-chairs too that put it together. So I think that's very positive. Yeah. Do you think, is it possible? I mean, like you said several times today, so eloquently, the industry is on the defense when it comes to security and the hackers are on the offense. Is it really possible to make that switch or obviously get some balances as technology advances, industry gets to take advantage of that. So do the hackers. Is that balance achievable? Absolutely. I mean, I think totally achievable. The question is going to be what's the environment going to be like? And I remember as context to understanding whether it's viable or not is to look at, just go back 13 years ago. I remember in 2010, Amazon was viewed as an unsecure environment. Everyone's saying, oh, the cloud is not secure. I remember interviewing Steve Schmidt at AWS and we discussed specifically how Amazon cloud was being leveraged by hackers. They made it more complex for the hackers. And he said, this is just the beginning. It's kind of like Bob wire on a fence. Yeah, you're not going to climb it so people can get over it. And so since then, what's happened is the cloud has become more secure than on premises for a lot of either, personnel reasons, culture reasons. They're not updating from patches to just being unsecure to be more insecure. So that to me means that the script can be flipped. And I think with cloud native, they can build in automation and code to solve some of these problems and make it more complex for the hacker and increase the cost. Yeah, exactly. Make it more complex, increase the cost. That'll be an interesting journey to follow. So John, here we are early February 2023. The cube starting out strong as always. What year are we in? 12? Year 12? 13th year. 13. What's next for the cube? What's coming up that excites you? Well, we're going to do a lot more events. We've got the cube in studio that I call theCUBE Center as kind of internal code word. But like this is more about getting the word out that we can cover events remotely. As events are starting to change with hybrid, digital is going to be a big part of that. So I think you see a lot more cube on location. We're going to still do the cube and have the cube cover events from the studio to get deeper perspective because we can then bring people in remote through our studio team. We can bring our cube alumni in. We have a corpus of content and experts to bring to table. So I think the coverage will be increased. The expertise and data will be flowing through the cube and so Cube Center, Cube Studio will be a integral part of our coverage. I love that. And we have such great conversations with guests in person, but also virtually digitally as well. We still get the voices of the practitioners and the customers and the vendors and the partner ecosystem really kind of lauded, loud and clear through the cube megaphone, as I would say. And of course getting the clips out there, getting the highlights, getting more stories. No stories too small for the cube. We can make it easy to get the best content. The best content. John, it's been fun covering Cloud Native SecurityCon with you and Dave and our guest. Thank you so much for the opportunity and looking forward to the next event. All right, we'll see you at Amsterdam. Yeah, I'll be there. We want to thank you so much for watching the cubes today coverage of Cloud Native SecurityCon 23. We're live in Palo Alto. You are live wherever you are and we appreciate your time and your view of this event. For John Furrier, Dave Vellante. I'm Lisa Martin. Thanks for watching guys. We'll see you at the next show.