 New York City, it's theCUBE covering CyberConnect 2017 brought to you by Centrify and the Institute for Critical Infrastructure Technologies. Hey, welcome back everyone. This is theCUBE live in New York City in Manhattan. We're here at the Grand Hyatt Ballroom for CyberConnect 2017 inaugural event presented by Centrify. I'm John Furrier with my co's, Dave Vellante, both co-founders of SiliconANGLE Media, our next guest is Parham F. Kittari who's the co-founder and senior fellow of ICIT, also part of the team and the lead around putting the content agenda together. These are the guys who put it all together really inaugural conference, great success. Turns out, we talked about it was going to be big, it's going to be huge. By the numbers, it's just a great beach head. The right people showed up. Welcome to theCUBE, thanks for joining us. Yeah, thank you for having me. Excited to be here, good to chat with you again. So before the event started just a couple of months ago when we were talking about the event. We were like, this is, love the name, first event of its kind, always wondering, will people show up? Well that's right, first time events, we've talked about this before. There are so many cybersecurity events out there and so many organizations competing for limited time and resources. So I think to have an event like this be such a big success in the first time speaks to the quality of the content and Centrify's role and ICIT's role in putting it together. I want to give you guys congratulations to you and your partner for running a really amazing company and event. You guys go big by thinking small, by being small, being relevant, your model and how you do business earns trust. It's very community driven, same ethos as what we believe in. So I want to give you props for that. It's not usually C, great execution, thinking about your audience and constituents. So congratulations. Thank you. Okay, so with that you got a lot of heavy hitters in your role that's got great community, big names, generals up there, you have big time C-sos. What's the vibe? You guys are dealing with this profile persona all the time. What's on the minds? I mean, obviously the general is banging his fist on the table, virtual table, or a coldness coffee cup, telling war stories. It's basically saying if we don't get our act together, industry and government. Yeah, well I think what's happening today and you know the business of the institute, we're a research driven organization. So as an organization that provides objective research, we have the fortunate position to be able to advise through some of these commercial and public sector leaders. And so in that advisory, we have a really good sense on the pulse of the community and we're able to hear directly from these individuals. We don't have to look at market research studies. We don't have to look at what some of these third party groups are talking about. We're able to communicate directly and we can actually see and feel their feedback to what we're discussing. There's no lag to your model. You have your fingers on the pulse. What is it telling you? I mean, obviously we heard the message here. There's some work to be done. There's some technical core, fundamental infrastructure things. There's application specific things. Obviously the threats aren't stopping. That's right. If you look at the program that was built, it really does mirror the way that the institute believes that we need to approach solving these issues and that comes with a layered security strategy. And so oftentimes you'll go to these events and we understand that there's organizations that are looking to make this into a more of a marketing opportunity for them. So unfortunately the curriculum and content only touches one or two core competencies which obviously really underscore what the sponsors do. What we've done here at Cyber Connect which is why Centrify is such a great partner. They understand that they may be one of the world's leading identity access management organizations but they know for us to have a cybersecurity renaissance and actually make that quantum leap that the general and some of the executives that you were mentioning were discussing all day. We need to have a number of different technologies discussed and have that education talk about things like the use of machine learning based artificial intelligence. Talk about how technology can enable automation. Talk about identity access management. Talk about like we just heard Terry Gravenstein talk about the importance of building a culture of trust. Security has a human element to it. People is one of the biggest problems we have so I think this is one of the reasons why this event to your point earlier is such a big success for the first year out. We heard a lot today about sort of the partnership or really the imperative of government and commercial enterprises working together. You do a lot of work in the government and there seems to be anyway our impression is there's a heightened sense of security for obvious reasons and board levels in the commercial side have really tuned in to security but still organizations seem to be struggling with what's the right regime. It used to be just an IT problem or a security team problem and as you really pointed out many, many times at this event it's everybody's problem. So what are you seeing in terms of things that commercial enterprises can learn from government particularly from the top and the top down initiative? Yeah, I think one of the themes that you've heard discussed several times today as Ontario again just talked about is having a seat at the table. I think there's so much media discussion about cyber security, all of our families, our moms, our grandparents are understanding that cyber security is a major issue. We're even starting to get some more general consensus that cyber security is a national security imperative and so I think this is helpful. I think now we have to start to as cyber security practitioners we have to speak in the language that resonates with so if you're talking to a chief operating officer and trying to educate them on the impact of ITOT conversions and you have to speak in the terms that it's COO is interested in versus a CFO, versus your CIO, versus your board of directors. So I think language matters, vocabulary matters and I think it's one of the things that we see starting to percolate up in some of the conversations that we're having. Given the humans are the main problem I mean we all have this assumption we talk about it in the cube all the time but oh my gosh internet of things is going to create this huge space of people to attack, huge attack maker. But if the humans aren't managing the devices is there potentially an upside there if that makes sense? Yeah so I think it all goes back to tomorrow morning we'll hear from Dr. Ron Ross and David from Centrify and they're going to be talking about security by design. NIST Dr. Ross actually put out a paper 800-160 which really talks about the importance of building better systems devices product so I think that we are moving towards automation, we're moving towards machine learning, we're already see it impacting a lot of our society and even down to your point the IoT devices we just put out a paper about cyborgs and the use of embedded devices in actual in humans and transhumanism. This is all a, the ship has, the train has left the station I guess you can say. I think what's important now is to not make the same mistakes that we did the first go around and pause and not put profits over security and privacy and actually understand that if we can't build it with security, certain security requirements there then we can't get that functionality or it may not cost the price point that we want it to cost which may have it been more affordable for consumers so I think we have to reprioritize. US companies generally have not taken that pause and put security over profits it's really been the reverse and many would say okay but it's actually worked out pretty well for US companies they dominate the technology industry. What do you say to those folks that say well profits are actually more important? Well I think it depends when you say it worked out well I think if you look at all those individuals that have been impacted by the breaches I think that's where people are starting to really understand how it's impacting us and going back to my comment about the national security side. This is no longer just about being able to steal your PII and maybe doing some fraud in terms of identity theft and whatnot when we're talking about metadata and capitalistic drag net surveillance and now if you're looking at who is stealing and curating this information it could be special interest groups it could be nation states so now this becomes a much larger issue and a much larger challenge. So it's a ticking time bomb is essentially what you're saying and so then that begs the next question does really government have to get involved to begin to impose its will if you will on commercial organizations? Yeah I think what's going to happen and we actually were talking about this lunch with General Alexander earlier today it's going to be a balance the government will be getting involved they are getting involved there's a lot of legislation being passed that truly is trying to make a bipartisan push to address some of these issues but I think ultimately that's going to be as the general kind of said earlier it's just going to be the government beating these folks virtually on the head until they start to do some self-governance self-relationship. Talk about your relationship with the general vis-a-vis this event he had great keynote inspiring obviously moved a lot of people talked about the general common defense versus civil liberties balance and privacy as you mentioned what more can you share about some of the things that he sees and feels strongly about that you guys are seeing in your research in the Institute because this is interesting because you got a guy who says I'm an army guy right who's now looking through the prism of the future with past history at the NSA command center cyber command center he's got a pretty interesting view and he sees both sides of the coin you guys are seeing that people in the tech business are like deer in the headlights we saw Twitter, Facebook and Alphabet you know like and then the center is trying to grok what Twitter does so I mean you have this generational gap you also have historical analog to digital transformation going on this is a societal impact this is pretty huge what does the general truly feel what's his vision what's his point of view these days yeah so I'm not going to speak for the general I wouldn't dare do that but I will say that if you listen to his comments on stage one of the things he does talk about and where our relationship is very strong is the importance of public-private sector collaboration the general actually received our pinnacle I'm sorry was named our pioneer last year at our Gala which is actually happening in a couple of days in Washington DC and he really if you listen to his message he underscores the importance of collaboration not just within a sector not just within government but cross sector and between public-private sector and between technology providers and government and legislative community so I think one of the things that I am comfortable saying is that he would encourage more collaboration more information sharing and more trust among these sectors to work together to solve these problems how should people measure success in this business that's a loaded question I think success needs to be at this stage incremental I don't think we need to be realistic in terms of how much quote success can we achieve overnight we've mentioned earlier the ship has sailed and so I think we need to do multiple things simultaneously we of course do need to continue to implement technologies and strategies that detect and respond to threats but I personally would say that the true success is going to really be accomplished when we start to deploy strategies and reprioritize so we're actually building more secure systems more secure devices I think that's going to be needs to go hand in hand and we'll hear a lot about that tomorrow with Dr. Ross would that imply that either you know the rate of growth of breaches starts to moderate or the amount of data or the amount of revenue dollars lost begins to slow down its growth rate at some point that's absolutely going to be the goal I think that is that a reality though? I mean given that everything's growing so fast in our business oh yeah I'm an eternal optimist I think absolutely we'll get there I can't tell you the time frame but I do know that venues like this and the work that ICIT is doing is really important to getting us to that point until we get folks in the media and on Capitol Hill and in federal agencies talking about these issues so then it's not just the security folks who are focused on this but a broader group I think that's the opportunity and you know as we wrap up day one here education and content value is what we're seeing I mean you guys see that all the time I know a preacher is a choir but again looking at mainstream media and some of the techniques that the Russians and other states have used to implement memes and the election conversations it's being gamified we know that so the media picks up on it because there's identity politics going on so I think there needs to be a wake up call I mean I think the educational process is critical absolutely what's next and that's where we feel very fortunate to be in the position that we're in because ICIT is a neutral third party non-profit and non-partisan research organization so what we're doing is putting out content we're not I should say this way the information comes out agenda in terms of how to couch it exactly our agenda is is national security our agenda is improving the security of our nation's critical infrastructure sectors improving resiliency and providing trusted advisory to these very stakeholders well get in the people here on the cube and having you guys come on and do this great event really opens up the door for more voices to be heard absolutely and we heard from your partner had some great things to say this has got to get out there so people the press can report on it that's right we'll turn on the cameras Dave what's your take on the event here obviously as inaugural event what's your analysis well I mean we touched on some big topics right I mean the general in particular he was talking about collaboration with the FBI you know snow rule of government privacy ACLU Jeffrey Stone I think you know my big takeaway as we were just discussing was and the general said this Sony for example he gave that example can't do it alone and we've been saying this for a while and John you predicted this you said a while back that the government's processes technologies know how is going to seep into commercial businesses as it has so often I mean you look at you know space launch you know radar nuclear energy the internet etc and I think the security cyber security is such a big problem only the government can help solve this problem well the government's always been dealing with the moving train and the corporations and the enterprise should have been buying shrink rack software loaded on a server that's evolved to buying more servers that have been pre integrated with software and buying silver bullet solutions and then leave it alone until something breaks and then fixes it and I think you know when we were talking and looking at this event my takeaway here is the moving train is never going to stop and the shifting of the game is going to be a cat and mouse good versus bad new technology versus reality open source certainly accelerated the role of the public domain treasure troves of information are being amassed whether it's wiki leaks or in the open source this is a problem and then there's no real real creative solutions I have not seen anything so to me this event takeaway is that this is the first time a step has been taken to saying whoa holistic big picture what is the architecture of a global society where nation states can compete with no borders in a digital virtual space be effective have freedom and then respect for the individual I mean no one's ever had that conversation yeah well we're excited to have it we've gotten really great feedback from just some of the conversations that we're hearing in the hallways as people are taking learning actionable intelligence where I can actually take this and instill it I think a lot of people are actually being inspired and that's something we need especially in an industry where every day it's about how you know cyber security folks don't get in the news when nothing happens as a commercial I think it's IBM commercial right whereas my nothing happened to work for my dad today right but that never happens it's always about what does go wrong so I think we need to be inspired and motivate ourselves well one of the things that we're excited about as you know we're community model like you guys are you look at some of the early indicators of how blockchain and even though it's kind of crazy you know bubbly with the ICOs and cryptocurrency and overall blockchain it all comes down to the common thread we see in open source software over multiple generations we're seeing in blockchain we're seeing in security community matters and I think the role of individuals and communities will be a big part of the change as the new generation comes up really fundamental so congratulations thank you okay Pairam here is inside the cube for our wrap up of day one of CyberConnect 2017 I'm Jeffrey DeValante thanks for watching