 From Gillette Stadium in Foxborough, Massachusetts, it's theCUBE covering VTUG Winter Warmer 2019, brought to you by SiliconANGLE Media. Hi, I'm Stu Miniman and this is theCUBE's coverage of the VTUG Winter Warmer 2019. We talk about virtualization, we talk about cloud computing and in this segment we're going to talk about cybersecurity. Absolutely hugely important to every user out there and if it's not hugely important to them today, I don't know I want to do business with them. Helping me to dig into this conversation is Matt Kozlowski who's the Vice President of Professional Services at Winslow Technology Group. Matt, thanks so much for joining us. Thank you for having me. All right, so I set it up, cybersecurity. What I said, Matt, in my career, I remember back 15, 20 years ago, security would be top of mind, kind of bottom of budget. You've got great lip service, but when you looked at the project, if you look what's going off, it was like I didn't do it. Now that security project that I've been putting off for years, it's a board level discussion. Everybody needs to be paying attention to it, so it's got to be no better time to be in the cybersecurity business than today, right? You would think. So I would say a lot of organizations are taking the right steps that they need to in their budgeting and preparing for incidents or protecting themselves, but a lot of organizations still are just not taking the right steps to protect themselves and their patients or just their organization's information. Yeah, it's challenging because I say while it gets more attention, there's huge emphasis on it, and many companies are doing it, and boards do care about it. Dave Vellante, one of our hosts at theCUBE, something he said many times, he said, okay, do I feel more secure now than I did last year? And we've been doing this program for nine years, and every year it's like, oh my God, it seems scarier now than ever. That's a great, yeah. So how are we doing as an industry? Yeah, I think technology continues to get more complicated, which is part of it. Another part is just the way that technology is integrated into everyone's lives, whether it's their smart phone, their smart watch, their smart everything now, and the software behind the scenes is just incredibly complicated too. So things are getting more complicated, we rely on it a lot more, and it just gives more opportunity for hackers to do bad things. Yeah, so my background is in network and virtualization technology, and it used to be, you know, you talk about security products. It was like, oh well, I've got the firewall, or I've got something in the virtualization layer that does things. I heard, you know, the line that I hear that resonates with me is, security is everyone's responsibility. And where does it go? The answer is yes, everywhere, everything from, it can go down to the chip level to absolutely at the application level and everywhere in between. But boy, that sounds complicated. It is. So is it, you know, I need to have a security practice more than buying security, products and security mindset. Is that what you hear and what you recommend to clients? Yeah, it's a practice or a program. So you have to think of cybersecurity as that, like a program. It's about people, policies, the technology in place. I mean, one of the most common ways that malware gets into organizations is through a phishing attack. That's all social engineering. That's not exactly the most high-tech thing around, right? So there's an example of it on the people angle. Okay, so Matt, tell us a little bit about your background, you know, what you've been doing and maybe explain, so Winslow Technology Group, we're familiar, hopefully people have watched some of the videos we've done because they, you know, offer products that are made by other people. So, you know, Del, VMware and the like, Nutanix and things like that. So tell us your background and how security fits into that. So my background is in supporting enterprise, you know, environments in the past and then I became, you know, a consultant and now at Winslow. Winslow, yes, is a reseller of products but we also do services, which is kind of my role there too. So in a way, the services is Winslow's product, right? Yeah, absolutely. So is it consulting? Is it, you know, helping to bring in various products? Is it doing, you know, a comprehensive analysis? It's all of those things. So it's the comprehensive analysis. That's usually where things start, where we do a gap assessment and we figure out like, hey, even if you're not, you know, HIPAA regulated or fall under PCI compliance, maybe you just want to look at NIST as a framework to start with. That's a government standard for cybersecurity, right? So we can do a gap assessment against that and then figure out, well, you're deficient in awareness training or, you know, that firewall is not effective for what you needed to do. Things along those lines. Okay, so, you know, I mentioned earlier, you know, security can be lots of places. Is this a holistic approach do you have? Are you, you know, data center, SaaS, public cloud, all the above, everything in between? I think all of the above, yeah. It really starts with security as a philosophy and a way of doing things and then figuring out how that pipes down to the individual app, you know, app components and infrastructure. Okay, so, you know, I hear statements sometimes that it's, you know, it's not a question of if you will be hacked, but it's usually how soon you'll find out that you have been hacked. Yeah. Is it that dire? I mean, I feel like the weather is, you know, appropriate for what we have today. There's fog rolling in, the rain is pouring, there's no sunshine here. You know, give us some sunlight in and some, you know, how we can disinfect. You know, some of these challenges, you know, what are we doing well? Yeah. People are doing well in that they're actually talking about it now. I do see a lot of people doing things like awareness training and it's actually really become part of what people consider, even in like murders and acquisitions. Right up front, people are asking like, are they secure? How about we don't just connect their networks together and hope for the best, right? There's firewalls put in and even here today at VTUG, you see a lot about micro segmentation and what we're doing to containerize apps and secure, you know, software and applications from each other and, you know, have like almost a zero trust policy on the inside of the network too, not just on the perimeter. Well, that's great, because yeah, you know, I think back, you know, five years ago, it was the general conversation was, oh wait, I shouldn't do public cloud because it's not secure. And now it's like, look, we understand in many cases, public cloud is more secure than what I had. And many kind of just because they update things, you know, much more often they have thousands of people focused working on it as opposed to, how many people do you have maintaining and watching your environment? So yeah, maybe what are some of the hot segments you brought up, you know, containerization? You know, I remember, you know, can containers be secure? I've gone to, you know, the DockerCon show, the Kubernetes show and seems like it's still a major issue. That is, yes. Yeah, and in some ways too, I wonder if we're creating a problem in certain circumstances that way too, because now we're giving more power and more skill in different ways that, it just could be used in different ways that we didn't intend, I guess, right? I think in terms of segments though, where we see like the cloud adoption, one example is in medical space, right? So medical records incredibly important. When you think back to, you know, there's a server in the closet at my, you know, the private practice I go to, my PCP's office, you're like, how are you securing that? Like you're doctors, like, you know, you're good at keeping me alive, but what's going on there? A lot of private practices, just an example, have actually migrated to cloud-based systems for patient management. And I personally feel like that's more secure because doctors in that case can focus on what they're good at and they've offloaded, not necessarily all the risk, but a lot of the care and feeding and like all of the security to people who know what they're doing and they're good at it. So that's like an example. Have you talked to doctors? They know how to do this. Absolutely. They totally understand and have taken every, you know, thing to make sure that that absolutely is good. But yeah, maybe sometimes they understand that bringing in an expert that focus on that more than the, you know, one hour every couple of months would be there. So good to hear. What then, you know, what would you like to see from the vendor ecosystem out there to, you know, is there more training? Is it, you know, improvement of the products? I'd like to see some standardizations around the way products work with each other a little bit more. I mean, I think like, you know, you have vendor A, vendor B, vendor C creating all these really great products. And there's a lot going on from, you know, network monitoring and like deep analysis to different technologies on the endpoints themselves. So like traditional malware isn't, I mean it's a thing, but we're talking about more advanced protection, but really like a framework for all these products to talk to each other. Is that would, you know, allow, you know, cybersecurity consultants and engineers to really see all of this without being locked into some proprietary system as well. Yeah, ransomware has been, you know, a hot topic the last couple of years. Are we getting a good handle on that? The studies that I've read recently say that it's relatively leveling off. So it's not necessarily getting any worse, but it's not getting any better either. So yeah. Excellent. So what you're saying is you will not be put out of a job anytime soon, right? All right, I want to give you the final word, Matt. You know, 2019, you know, what's interesting you? What are some of the, you know, top initiatives that your customers are going to have going forward? So just in cybersecurity in general, just putting these programs together, doing the assessments they need. Enterprise customers are really interested in containers. We talked about that a little bit. So me this year, I want to do a little more, you know, investigation and figuring out like cybersecurity as it relates to containers and how enterprise environments can secure the containerized apps. All right, well, Matt, really appreciate you helping bring us up to speed on some of the state of cybersecurity here at 2019. And you're watching theCUBE's coverage of VTUG Winter Warmer 2019 here from Gillette Stadium, home of the AFC Championship New England Patriots, going off to Super Bowl 53 in just a week. Thank you for watching theCUBE.