 Live from San Francisco, it's theCUBE. Covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. Welcome to theCUBE's coverage here in Moscone in San Francisco for RSA Conference 2020. I'm John Furrier, host of theCUBE, and you know, cybersecurity is the hottest thing, transforming businesses, and you know, old IT has to transform into, not only playing defense, but playing offense, and understand the threats, how to organize around it, and that's been a big part of this new next generation architecture, operations, and just mindset. We've got a great guest here to share his perspective, Luke Wilson, who's the Vice President of Intelligence for 4IQ, hot startup, but also former FBI counter, terrorism, a variety of other, DOD, State Department, tons of experience on both sides now on the commercial side. Luke, thanks for coming on. Thanks for having me. So obviously your background gives you a unique perspective, and you know, I've been in the commercial side, I haven't done any government service like you have, but I can tell you, IT and the enterprise, it's been boring. Oh yeah. You've got storage, provisioning storage, business servers. Cloud comes in, it gets exciting. Yeah. Startups are doing cloud native, lot more robust scale, and you're starting to see the new applications. With that, the security perimeter is gone. It's now a huge surface area. So the enterprise has to get more FBI-like, or more smarter around how they organize, how they hire, this is your world. Yes it is. What's your take on this? What's your view of the industry right now? Well, I think right now what you're seeing is this change from, you know, I hate to be cliche about it, but for years we've been playing whack-a-mole against the bad guys. I've seen that, you know, at my time at the FBI, and various government different agencies there. We're starting to see a shift of, all right, we want, they want to know, okay, how is this happening to them? So it's just not the what's happened. It's like, who's behind it? And you know, in today's arena with cyber security, you have to start figuring out what entity is behind these attacks, what they're going after, so you can start protecting that. But then also using that information and intelligence from there, sharing it with other business sectors, and then also turning that back inside so you can have some kind of preventive maintenance as well. I mean, you got a lot going on there. Used to be a nice little neat little industry in a box, security, buy some software, you got the servers, you got firewalls, all that nice stuff. Now you're talking about elaboration, operating models are changing. A whole new dimension and open source has given an ability to cloak, whether it's nation states can now be operating under stealth mode. You have all kinds of new dynamics. What does a company do? How do people solve this problem? There is no one answer for that. It's going to take a community, the community of protectors and groups that want to help solve these issues. In law enforcement, we always say, it's a cat and mouse game. We catch up to them and then they change a little, maybe a little bit here or there, and then we catch up to them again and we're just going to keep playing that game. But businesses, commercial businesses are starting to get into that mode as well of, hey, just because I defeated something today doesn't mean it's going to be right back at my door tomorrow. You and I saw each other last night at the General Alexander's talk, and he's always been all about offense, defense, and understanding visibility and signals. You know, there's a lot to do there. You got to know where things are coming from. There's a lot of shared responsibility, but shared work, right? There's a lot of redundancy going on in security now. And within companies and without companies. So the collaboration you mentioned is a big part. How do you see that evolving? You worked with the FBI counterterrorism. You kind of seen how this kind of thinking renders itself. How does that work in a commercial world? How do you see that evolving? Well, you have certain cyber centers that are built for that kind of model for helping commercial industries deal with that threat. There's no one tool, one company that can protect itself from a nation-state attack. We've seen that. So the best thing that's happening right now is people are starting to understand in order to get the entire, I would say the typology of the attack that's affecting you, you're going to have to share this information. You're going to have to learn from other groups, law enforcement, intelligence agencies are sharing. And it's, quite frankly, we're kind of late in the game of sharing, which the criminals have been doing this now for years, sharing that information, understanding who to attack and when to attack. Yeah, and they've been winning. So I got to ask you, as someone who's been in the industry now and I'm looking at both sides, you look at RSA this year, besides the headline of the coronavirus, we've just got a backdrop to all this. There's still a huge show here. And the trends are changing. It seems to be the same game, whack-a-mole on steroids, but now you've got cloud. What's new out there that's getting you excited? What do you think people should be paying attention to? Well, I think what people should be paying attention to is now a lot of the, I would say, the products and the tools that are coming out are actually being developed by people who are practitioners, have been in that space and understand what it takes in order to defeat the types of criminals that you're facing every day. I see a lot of products getting into the hoop. And for me, I think that's a very strong point now that you can't just keep saying, I closed this port and that port and this port and we're good. No, they're just going to change one little thing and come right back in. So I see a lot of tools, actor identification, big time, attribution, people are trying to get to the hoop in this space now in order to turn that back around for prevention as well. Something where normally this is an FBI, a federal government agency trying to figure out the hoop. A lot of the tools and some of the data today is helping out with that for private industry. So that's a great point, great insight by the way. I love that angle on that. What about real time? Because now real time is a big one and people are overworked. There's a pile of threat detection out there like, hey, there's some stuff happening in another company. So people are buying feeds, I get it. Now you need a data processing perspective. You got to get the data visualized. How do you see that whole challenge become an opportunity? Well, you know, we're a data driven society now, right? So everything has data connected to it. And you're getting that amount of data stream flowed into your commercial entity. First of all, it needs to be automated. You're going to have a lot of data to sift and sort through to understand what's actually happening here. So I think that live feed going real time is very helpful, but also put some contacts behind that and having that information fully digested so you can understand what's the threat, how's it coming at you, and then using that for prevention. It's a super exciting time. I want to get into your experience and how that translates into maybe your advice for people that are kind of waking up from whack-a-molte of kind of being more of a versatile athlete, if you will, tech athlete, cyber athlete. But I got to ask you about the idea of threats that are coming in that you've seen in the FBI that enterprises should be paying attention because I'll give you an example. I'll say, Luke, I'm good. My IT department's been covering this for years. I don't really have anything that's valuable, so I'm good. I got my patches done, so I don't really need to buy anything from you, or I'm good. Right. Not everyone's saying that, but that could be the mentality at different spectrum levels, right? So what do you say to that? Well, you know, besides I'm an idiot. You know, we see that a lot, and I think that's a very big naive approach about it. You know, you also have to start thinking about are you good with your insider threat? Are you good with your third-party risk, you know, threats? So there's so many things going down the line when you look at what it takes for, let's say, a large financial institution to run. What it takes for a large company like an Uber or Lyft to run. There's threats there, and if you're saying you don't have any threats and you're okay, then, you know, I would say that's another issue. You're being polite, you're being polite. What you're saying is, no, you're not okay. Yeah. Well, I mean, because if you think about it, if you're just running a small little manufacturing operation, I don't have any IP, but your operations is your IP, you might be exposed to ransomware. Exactly. Or, you know what I'm saying, there's always disruption. Yeah. This has been kind of an interesting mindset. It's not just what you think you have. Yeah. There's a holistic view. What's your take on the reaction to that? Yeah, it isn't a holistic view. You have to take that approach. You've seen what's happening nowadays, especially within the ransomware. You know, it may come from a third party that basically didn't secure their systems, but they knew exactly what they were doing, because they solely wanted to attack you. Yeah. And they knew the weakest link was three steps down. Yeah, yeah. You know, from you. And so that's exactly where they went to. You know, I love these conversations, and I'm a patriot, and I love to help our country. I do my best, and I'm really serving the government. But one of the things that I feel strongly about, and people know I rant about this all the time when I'm on theCUBE, is that digital war is happening. And I really believe that we're a free society, so you can't lock every door in this country. We've got borders, physical borders, so digital borders are, if we're open society, you can't really be defensive all the time. Yeah, very sure. So if someone does strike us, our answer has just even counter-strike back. Right. With the vengeance. Exactly. Which is how the deterrent is. But digitally, where's that line? I mean, if you drop troops in Manhattan, you know you're, we're being attacked. Yeah. What's the digital line in your opinion? Because this is something that no one's talking about, but it's kind of, paper cuts. There's a line of knowing, are we being attacked? It's the who? What's your view on this? I know it's a new emerging area. Yeah, I seem to, I think a little bit on both sides here. I want to do something back, but I don't think most, especially commercial businesses understand what that means to actually find some attribution and then say, you know, it is this entity or this country that's doing that. And it's kind of a slippery slope when you start getting into that. It's kind of a cutting edge societal issue because I mean, the government has a military to protect me. Right. So, but if I'm a cyber company, I got to build my own military, digital military. What are we talking about here? I mean, it's interesting. It's, again, that's why I start seeing a lot. If you look at the place, you know, around here, you start looking at some of these tools, they are offensive weapons when you look at them. These are weapons to understand, well, not weapons, but tools to understand who. And you already know what happened. And so now you get the who and the why, right? Yeah, you can't really strike back, but what you could do is turn that back inward and say, okay, I'm going to start preventing this stuff. Yeah, yeah, right. But then also, hey, I can go to, you know, the FBI and say, here's a nice neat packet of information on what happened to me and who we believe it to be. And that's where that conversation starts happening. I'm really excited by the digital twin and the simulation environments where you can start having flex scenarios to do, use some of this scenario-based planning so you can protect and plan for scenarios, which is reacting to it. Yeah, the digital training space is what you got there. And just like you stated earlier, right? You know, the United States military goes out here and trains for certain scenarios all the time. Companies have to start doing that because that's what's happening to them, you know? You're right on the money. I love the insight. Thanks for sharing your creative insight. I love that. You got to get the reps in. You got to do the operations. You got to nail that. So just give a quick plug before IQ. Thanks for sharing your awesome insight. What are you guys doing? What are you guys all about? What's your value proposition? Yeah, great. We're an identity intelligence company. What that means is that we have tools and products that's going to allow our clients get to that who. You know, and we also have tools that allow them to get to the what as well. So we're on both sides of the fence there. We're trying to get left a boom of what they call it. But our data and our intelligence allows these clients to find the bad guy. Very simple. We have some AI and machine learning built into there where it's almost like a click of a button I can expand and figure out who these individuals are and understand their TTPs. What we want to do is make automation of these different types of tools easier and faster for the clients to use. So you want to bring intelligence into their visibility space or data space Yes, actionable intelligence. Yeah, so basically into their digital space of understanding their attack surface, understanding what problems that they're having. And then we have, like I said, a lot of tools and I will call it intelligence. Who calls you up? Who's the customer? Who's the buyer? CIO, CISO, is it SOFAs? Who's buying your stuff? So mainly what we're into, a lot of cyber fraud fusion centers like that, law enforcement, intelligence agencies. I would say, I know for a fact that I wouldn't use this if I had this tool in the FBI. And a lot of, if you have a large digital footprint, we have cryptocurrency companies using this as well. You're seeing some pretty bad guys attacking your systems trying to defraud you. Our product helps you out with that. Look, great conversation. Thanks for coming on, appreciate the RSA coverage. Taking the show, what's the hot thing at the show? What's your favorite moment here? What's the big story here at RSA? I would say, for me, it's this sitting-to-one Ashton Martin sitting out front. Every year there's something different. I go to these Bitcoin conferences and I see they usually have Lamborghinis out front and now I see this happening. So I don't know if we're trending in that direction now. Getting that car, we're going to race away. Luke Wilson, beefy of intelligence, before IQ, here inside the queue, pre-cube coverage, RSA, I'm John Furrier. Thanks for watching.