 Live from San Francisco, it's theCUBE. Covering IBM Think 2019, brought to you by IBM. Welcome back to theCUBE, Lisa Martin with Dave Vellante on our third day here at IBM Think 2019. It's like a kind of full day of the event. Dave, here we are with this beautiful San Francisco rain, much needed in California. I like being back in Moscone, it's good. It is nice being back in Moscone, it's being being back, we are welcoming back to theCUBE, Mary O'Brien, the general manager of IBM Security, Mary, it's a pleasure to have you on the program. Thank you, Lisa, Dave. So, we were just talking before we went live, this event is massive, about 30,000 people. It was standing room only to get into a Ginny Romani's keynote yesterday. Well, you couldn't get in. Couldn't get in more. Look at the clothes, they shut the doors out. I think she said, this is the closest that she'll ever be to an iPhone launch. That must be the rock star status. For campuses, 2,000 different sessions, there is here a security and resiliency campus. Yes, there is. Must be exciting for you. Certainly is. Talk to us about security is such a pervasive challenge that any organization faces. You were saying there's nearly 2 million by the year 2020, nearly 2 million unfilled security roles. Talk to us about security at IBM and how you're using technologies like AI to help combat the problem that, this prolific problem that cybersecurity is bringing. Okay, so I can start by saying security is everybody's problem. It's a problem faced by every business every day. And as businesses modernize and they become more digital and move to the cloud, there's cybersecurity nightmares and cybersecurity problems are only getting greater. Okay, so, couple that with the fact that as you say by 2020, and everybody has a different variation of the statistic, but we're working on the basis that by 2020, there will be in the region of 2 million unfilled cybersecurity posts around the world. So at IBM security, we're looking to understand how we can reduce the complexity, reduce the need for vast numbers of staff and augment our capabilities, all of our products and services with artificial intelligence in order to relieve this gross skills gap. Well, I have to say, this is our 10th year now doing theCUBE, Lisa. And I was downstairs earlier and I saw, I guess I call my friend, Pat Gelsinger, was walking into the keynote in the high five. And nine years ago, I asked Pat Gelsinger theCUBE, is security a do-over because of cloud? And he said flat out, yes, it actually is. So I wonder, so much has changed in the last decade. You mentioned data, you mentioned artificial intelligence. The bad guys have gotten way more sophisticated. You have this new thing called the edge. And so, I don't know if it's a do-over or an evolving rapidly, but what are your thoughts on the changing nature of security? You know, first of all. Well, I think the security landscape is changing for sure, and the attack surface is changing because you've got to remember that as all of our, and more and more devices, and all of our devices become smarter and become connected to the internet, we're basically just increasing the attack surface and increasing the opportunity for cyber attacks and cyber criminals to hack in and get into our networks. Okay, so as we move to the cloud and we embrace an API economy, so we're using APIs to access our applications, then once again, we're opening up our capabilities, open means open to us and to others. So the need to design security into everything we do and not append security as a perimeter around what we create is becoming more and more important. Well, we can't do that just because I think something also that you mentioned, sorry, Dave, is with the proliferation of devices, you know, billions of devices, the perimeter is so amorphous, there's enclaves on top of enclaves on top of enclaves. Absolutely. I'm curious though, how is AI from IBM going to help companies protect themselves from their people who might be not doing things necessarily maliciously, unintentionally, but that's one of the biggest common denominators, I think in security, that is the biggest, how do we protect people? You nailed it. I mean, you know, can I remember the stat, but I do know that more than 50% of breaches result from the inside and that's not necessarily people being malicious. I mean, you have a combination of people who just don't adopt the best security policies. So they're not using strong passwords, they're clicking on links, they're answering phone calls, they're doing something that's a little bit sloppy or a little bit insecure. And then, of course, you will have the malicious insider and there aren't very many of them, but they do exist. So the way the security industry is evolving to protect ourselves against the insider is firstly to look at access to our crown jewels and to make sure that only the people who need access to our crown jewels and to the most important assets within our businesses have that access. Okay, firstly, now secondly, we are developing capabilities that we call user-based analytics, user behavioral analytics. So we actually profile what is the normal behavior of a user? So a user in their job role, you know, who works the pattern that is normal for that user? You know, what is a normal behavior for that user? So that when, so that we allow the machine and the algorithms to learn that normal behavior, so that when that behavior becomes different or when that user does something anomalous that we can trigger an action, we can trigger an alert, we can do something about it. So user behavior analytics is the way we apply machine learning, artificial intelligence to the problem to keep us safe from the insider fumbling. Yes. Another big change, and I wonder if you could comment, is the way in which organizations approach security at the board level. It's become a board level topic. The conversation between this, whether it's the CISO or the CIO, and the board has evolved from really one of, oh yeah, we're doing everything we possibly can to, we're going to get breached. It's all about our response to that breach and here's the response mechanism. And so I wonder, based on your conversations, Mary, with executives, what you're seeing, what are they asking from IBM, just in terms of helping them specifically respond to the inevitable breaches? Okay, so there's a wide range of responses to that question, and it depends where you are in the globe, how sensitized the board is to security situations. They're all sensitized, but there are some parts of the globe where a breach of a regulation or, yeah, a regulation can put a board member in prison. Okay, so there's a motivation to. They're paying attention. They're paying attention, okay. So, but across the board we're seeing that the board has evolved their attention based on the fact that security used to be driven by compliance. It used to be driven by ticking a box to say you had a database protection in place and you had X, Y, Z in place. And then people became more sensitized to the next attack. So what was the next threat? What was the next attack on the next piece of malware? The next piece of ransomware. But now people have really got to the point and the board have really got to the point where they really realized that this isn't about when an adversary gets into your network or gets into your enterprise or your business. They get in. It's about how you respond to it, how you find them, how you remove them, how you respond to the breach. So at IBM Security we put a huge focus on training boards and their teams in how to respond to an incident because we got to get to the point where the response is muscle memory so that everybody knows their role, they know how they behave. And we're back to the people discussion again because everybody from the person who is at your reception desk, who may be the first person to meet the media as they come in your doors after an event, to the CISO who has responsibility to the president or CEO needs to understand their role and when they partake or when they back away and let the experts partake during the course of an incident. One of the things too that it's been widely known is it's taken upwards of two to 300 days before breaches are detected. How is IBM helping infuse AI into it, not just detect the portfolio but also the practices and the behaviors to start reducing that so it doesn't take as long to identify a breach that can cost millions of dollars? So yes, what we're doing here is we're working to reduce the complexity in people's cyber programs. So if you consider that in many of our clients shops, we will find up to 80 different security products from 40 different vendors. And that's an average that had been taken over time and we use that statistic all the time. And basically you have all of these tools and all of these products that have been bought to solve a security threat to Azure over several decades and they're all residing all of these products not talking to one another. Okay, so at IBM security what we're doing is we're applying technology and our capabilities to bring together the insights from all of these tools and to ensure that we can actually knit them together, correlate those insights to give a more holistic view, a faster view of what's relevant, what's pertinent to you in your industry, in your geo, in your business. So we look for the insights that are indicative of the most significant threat to you to help you get there, sort it, eradicate it, like quarantine or whatever you need to do to eliminate us. How about the skills gap? We talk about that a lot on theCUBE. There's more security professionals needed than are out there. What can you do about that? Is machine intelligence a possible answer, helping people to automate response? What are you saying? Absolutely, so there's a number of different responses. Absolutely infusing artificial intelligence, finding ways of reducing the amount of security data, the amount of security alerts that need to be responded to. So firstly, you need to reduce the noise so that you can find the needle in the haystack and our capabilities with machine learning and artificial intelligence and the various different algorithms we build into our products help along the way there. Okay, so you have that. In addition to that, you always have a need for the people, for the experts. So making sure that we infuse all of our practices, all of our, the people who are foot soldiers on the street, our consultants, our practitioners to make sure that we hire the best, the brightest and we put them around the geo so that they are distributed and able to help our clients. And then you heard Ginny yesterday talk about various different means of accelerating our ability to bring more people into the workflows using our P-TECH initiative within IBM. So we're looking to go out to schools where you wouldn't necessarily have a feed our kids with an opportunity to find jobs in the cybersecurity space or in many professional spaces, finding them, training them, tapping them, encouraging them. And we've seen several people come through the P-TECH schools into the cybersecurity space. And we've also embraced the return to work for people who have taken career breaks, either to mind elder day relatives or to bring up kids or whatever. So we have a number of programs running in various parts of the world where we're introducing people back into the workforce and training them to become cyber experts. I got to ask you, as a security executive, does Quantum keep you up at night? Quantum does not keep me up at night because IBM are the leaders in this space. And as leaders in this space, we work with the research and developers in the IBM Research Labs to ensure that our security practices are keeping in lockstep with Quantum and our algorithms are changing so that we can, you know, stay ahead of the Quantum race. It's in the hands of the good guys right now. It certainly is. Let's keep it that way if we can. Last question, Mary. There is, as I mentioned in the very beginning, there are four campuses here where the 30,000 plus attendees can learn. What are some of the things that you're excited that the attendees here, customers, prospective customers, partners, analysts, are going to see, touch and feel from the security and resiliency campus? At the security and resiliency campus, the people here can see some of our latest innovations and capabilities. And they can see our new platform, our new security platform is called IBM Security Connect. And this is, you know, our capability that we've just launched to actually reduce the complexity in people's cyber programs and help bring lots of these products, these siloed products and the insights from them together to give, you know, a much sharper view of the threat to your business. So there's a very good demonstration of that. You can see a very good demonstration of the breadth of our portfolio. You can talk to some of our consultants, talk to our instant response specialists. You know, you can be scared of what's out there and see that your security is in good hands if you work with us. It sounds like a security candy store down there. We should go check it out. It sure is. Check out the flavors. Mary, exactly. Thanks so much for stopping by sharing with us what's new in IBM Security. And also how you guys are helping to influence behavior. I think that's a really important element. We thank you. We look forward to talking to you again. Thank you very much. We want to thank you for watching theCUBE. Lisa Martin with Dave Vellante live. IBM Think 2019 on theCUBE, stick around. We'll be right back shortly with our next guest.