Podcasts about Expo Hall

Our #intled #livechat comes to you from the Expo Hall at the #NAFSA2025 conference in San Diego. Reacting to all the news.

SkySwitch, the leading next-generation white-label UCaaS provider, announced today that it has launched a new option within their existing partner program, the Foundations program. The Foundations program offers all the benefits of its Wholesale program—a rock-solid UCaaS platform and technology with a wide range of features, backed by a team of experts, all delivered under the partners' brand—and additionally provides back-office support. See the podcast below. With the Foundations program, SkySwitch handles all the billing, taxation, and regulatory work while keeping the partner's brand front and center. By taking on the back-office tasks, it allows partners to focus on growing their brand and delivering communication solutions to their customers. The existing Wholesale program is still available for partners who have the resources and processes in place to manage the back-office billing, taxation, and regulatory tasks. Now partners have the option to choose the program that best suits their needs. “As a white-label provider, SkySwitch invests heavily in our partners' success. This goes beyond the product itself, and that's what the Foundations program is all about,” said David Hardy, General Manager of SkySwitch. “Not every partner has the desire, or bandwidth to manage these critical back-office and go-to-market functions. Having the option to outsource all that to the same partner that provides the underlying UCaaS technology can be a game-changer.” For more information about our new SkySwitch Foundations Partner Program, visit us at the Channel Partners Conference this week March 25-26 in Meeting Room 18 outside of the Expo Hall floor. ABOUT SKYSWITCH SkySwitch is the leading US-based white-label Unified Communications-as-a-Service (UCaaS) provider offering MSPs, VARs, telecom agents, interconnect ISPs, and WISPs, a cloud-based voice platform to brand as their own. With a thorough on-boarding process, we educate you on everything you need to know to start selling the most in-demand solution for a hybrid workforce. SkySwitch is a BCM One company.

Have questions, feedback, or thoughts on the show? We want to hear from you! Click on this link to send us a text message. In this episode of the Whole Grain Podcast, host Jim Lenz welcomes John Caupert, Executive Director of GEAPS, to discuss the transformational shifts happening in agriculture and what they mean for GEAPS members. Fresh off the success of GEAPS Exchange 2025, John reflects on key takeaways from the event, including the launch of groundbreaking educational initiatives like the Grain Processing Track, the Welcome to the Grain Industry Course, and the GEAPS Grain Industry Glossary.

On this week's Block Party Podcast, presented by Jai Alai IPA, Greg Wolf and Braydon Coburn are joined by Tampa Bay Lightning alums Shawn Chambers and Rob Ramage who were back in Tampa Bay for Alumni weekend recently. They discussed playing for an expansion team, hockey in Tampa Bay, playing at Expo Hall, what they are up to these days and so much more.See omnystudio.com/listener for privacy information.

Emmalee Laffey, a senior at Stockdale High School, places in the top 13 with her original sculpture submitted to the San Antonio Stock Show and Rodeo Western Art Contest, securing first place in her category! In addition to this impressive achievement, she was awarded a ,000 scholarship. Her artwork will be retained by the Western Art Committee and exhibited at The Briscoe Western Art Museum, as well as during the San Antonio Stock Show & Rodeo in February at the Expo Hall.Article Link

Three revelations from Red Hat Summit. Our on-the-ground report will separate fact from hype.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.Core Contributor Membership: Save $3 a month on your membership, and get the Bootleg and ad-free version of the show. Code: MAYSupport LINUX UnpluggedLinks:

JOE OVERBY AND NICK ZULOVICH (WELL-KNOWN CONTRIBUTORS AND FRIENDS OF THE INDUSTRY) JOIN LIVE FROM AUTO INTEL SUMMIT 2024 WITH A DAY-ONE RECAP OF PANEL DISCUSSIONS, ENGAGING WORKSHOPS, EXPO HALL, AND EMERGING BUSINESS. This is Automotive Ecosystem on ATI.

On this week's show we compare Mini-LED vs OLED and we put a high end listening room based on products that were exhibited at this year's AXPONA show. We also read your email and look at the week's news. News: DirecTV and Dish Back Fubo in Its Spulu Antitrust Suit | Next TV Roku Upgrades Viewing Experience with New Features | TV Tech Hub: Smart TVs Now in Nearly 8 of 10 Homes | TV Tech Disney Plus Looking To Integrate Always-On Linear Channels Other: Credit cards abused again in second Roku hack affecting 576,000 - FlatpanelsHD NBCUniversal Launches Personalized, Hyperlocal Services via ATSC 3.0 | TV Tech Mini-LED vs OLED We are asked from time to time to recommend a particular TV or in some cases a technology. Right now, in our opinion, the best TV technology is OLED. But is it really the best overall? Let's take a look at OLED vs mini-LED in six important criteria. Sharpness and Resolution: Both OLED and Mini-LED TVs typically offer 4K resolution, with some models supporting higher resolutions. Therefore, in terms of sharpness and resolution, it's a tie between OLED and Mini-LED. Black Levels: OLED TVs excel in producing true blacks by individually turning off pixels. Mini-LED displays have not completely achieved this level of per-pixel control. In this aspect, OLED emerges as the winner for its superior black levels. Brightness and Contrast: OLED TVs offer deep blacks for infinite contrast ratio, while Mini-LED TVs can achieve higher brightness levels. Mini-LED takes the lead in brightness, while OLED wins in terms of contrast ratio. Color Quality: OLED TVs typically exhibit excellent color quality, often surpassing 100% of the sRGB color gamut. Although Mini-LED TVs may not reach these levels, this is more due to other factors like color filters rather than the Mini-LED technology itself. The winner in color quality is OLED. Viewing Angles: OLED TVs generally have wider viewing angles compared to LCD TVs, including those using Mini-LED technology. While Mini-LED TVs can vary based on the type of display used, OLED usually outperforms them in terms of viewing angles. Size and Price: In terms of size, both OLED and Mini-LED TVs are available in various sizes to suit different preferences. However, traditionally, OLED TVs have been more expensive compared to Mini-LED TVs, which could be a consideration for some buyers. Price and size considerations may vary based on individual preferences and budgets. So which one wins? It's our opinion that OLED has the absolute best picture but mini-LED is very close and unless you are looking at them side by side you won't notice. It really comes down to cost and since you can buy some really big mini-LED TVs for a quarter of the price, we give the nod to mini-LED. AXPONA 2024 AXPONA 2024 wrapped up last week. What is AXPONA you might ask? From their website:  AXPONA is a three-day experience featuring multiple hotel floors packed with over 200 listening rooms. The Expo Hall featuring The Record Fair, The Ear Gear Experience, and seminars. Whether you're a serious audiophile, a newcomer to high-end audio or simply a music lover, you'll find everything you need to immerse yourself in your favorite sounds.  It's very similar to “The Show” that we have out here in CA every year. This year it will be June 7-9 in Costa Mesa so come out and let's all go! While AXPONA exhibited products that most of us can buy, there are some that, quite frankly, are priced for people fly on their own jets. They probably don't even listen to podcasts, so let's make fun of them!! Kidding of course. Today, our very rich uncle who has $150,000 laying around has asked us to put a system together so he can listen to his extensive vinyl collection! Transrotor Tourbillon FMD The Tourbillon FMD is a premium turntable model with high-end features designed to deliver exceptional performance in the audio playback experience.  The Transrotor Tourbillon FMD stands out as a top-of-the-line turntable with innovative features and premium construction materials aimed at audiophiles seeking unparalleled sound quality and precision in vinyl playback. With its advanced FMD bearing technology, dual tone arm support, and included accessories, it offers a premium and comprehensive audio experience for discerning enthusiasts in the high-end turntable market. $60K with Cartridge Fern and Roby Amp No. 2 Amp No. 2 is our second collaboration with Michael Bettinger who has been designing and building amplifiers for nearly 40 years. Integrated amps make building a great high fidelity audio system easy. Our goal in this project was to produce something that will turn your living room into the best listening room possible. Fewer components, cables, and cost, but delivering world class audio into your home. $8500 (Add $350 if you want Isolation Feet)  Acora SRB Reference Loudspeaker Acora Acoustics loudspeakers are constructed using hand crafted, specially treated granite enclosures. The rigidity of granite far exceeds that of traditional particle board or wood enclosures. One of the benefits of this is as the SRB's drivers move to push air / create sound, the enclosure isn't absorbing this energy and dulling or smearing the sound. Another benefit of the Acora enclosure is it does not need internal bracing to “stiffen” the enclosure. This means no additional reflections inside the enclosure that will vibrate the low frequency driver and smear the sound. The SRB also utilizes world class drivers and a hand built crossover network, however the real secret to the Acora Sound is that you only hear these, not the enclosure. Sensitivity 86.5 db  Frequency Response 43Hz - 35KHz  58 lbs each $37,000 pair  

Liz Ryerson and Ty Underwood return to convey the physicalities and vibes of the GDC 2024 Expo Hall, while Brandon and Frank do their best to push preservation. Plus, Liz gives a definitive answer as to whether you should go to GDC. Hosted by Liz Ryerson, Ty Underwood, Brandon Sheffield and Frank Cifaldi. Edited by Esper Quinn, original music by Kurt Feldman. Segments**:** Liz and Ty scour the Expo Hall (00:33) Frank and Brandon cover history at the (36:14) Liz plays The Deja Vu Game with Evan Balster (51:31) Liz helps Robert Yang with a dilemma (01:00:24) Answers to “Is it worth going to GDC?” and/or “Should I go to GDC?” by Liz Ryerson (01:06:26) Discuss this episode in the Insert Credit Forums Insert Credit Gaiden is brought to you by patrons like you. Thank you. Subscribe: RSS, Apple Podcasts, Google Podcasts, Spotify, and more!

Liz Ryerson and Ty Underwood return to convey the physicalities and vibes of the GDC 2024 Expo Hall, while Brandon and Frank do their best to push preservation. Plus, Liz gives a definitive answer as to whether you should go to GDC. Hosted by Liz Ryerson, Ty Underwood, Brandon Sheffield and Frank Cifaldi. Edited by Esper Quinn, original music by Kurt Feldman. Segments**:** Liz and Ty scour the Expo Hall (00:33) Frank and Brandon cover history at the (36:14) Liz plays The Deja Vu Game with Evan Balster (51:31) Liz helps Robert Yang with a dilemma (01:00:24) Answers to “Is it worth going to GDC?” and/or “Should I go to GDC?” by Liz Ryerson (01:06:26) Discuss this episode in the Insert Credit Forums Insert Credit Gaiden is brought to you by patrons like you. Thank you. Subscribe: RSS, Apple Podcasts, Google Podcasts, Spotify, and more!

NORTH AMERICAN REPOSSESSORS SUMMIT (NARS) 2024 IS BACK IN ORLANDO APRIL 11-12TH WITH A PACKED AGENDA, EXPO HALL, AND LIST OF SPEAKERS SHOWCASING IMPORTANT ARA TOPICS FOR AUTO LENDERS INCLUDING BODY ARMOR ON REPO AGENTS. This is Tuesday Nights Live on ATI

This week, Dalanie and Katie talk about their goals for 2024. IN THIS EPISODE PURCHASE OUR MERCH!: https://www.classicallyblackpodcast.com/store JOIN US ON PATREON! https://patreon.com/ClassicallyBlackPodcast SIGN UP FOR OUR MAILING LIST! https://www.classicallyblackpodcast.com/newsletter-sign-up FOLLOW US ON SOCIAL MEDIA! https://linktr.ee/classicallyblack Donate to ISBM! https://fundraising.fracturedatlas.org/international-society-of-black-musicians Check out our website: https://www.isblackmusicians.com Come see us at SphinxConnect in Detroit! We'll have an Expo Hall table. Pay what you can registration is here: https://registration.socio.events/e/sphinxconnect2024 FROM LAST WEEK: Register for Notes Noire https://docs.google.com/forms/d/e/1FAIpQLSeN56JaI89cmwv5xDcLq889kE5eRvoBFsh_GRoBfAdkwbYM-A/viewform Help Emanuel attend Violin Making School https://www.gofundme.com/f/help-emanuel-attend-violin-making-school?utm_campaign=p_lico+share-sheet&utm_location=FIRSTTIME&utm_medium=copy_link&utm_source=customer Black Excellence: Endea Owens https://www.endeaowens.com/ Piece of the week: Sonata No. 1 in G major - Johann Sebastian Bach https://www.youtube.com/watch?v=bY9w4p5ybF8

This week, Dalanie and Katie talk about whether or not they think more classical musicians should podcast, and their joint article on the topic.. IN THIS EPISODE PURCHASE OUR MERCH!: https://www.classicallyblackpodcast.com/store JOIN US ON PATREON! https://patreon.com/ClassicallyBlackPodcast SIGN UP FOR OUR MAILING LIST! https://www.classicallyblackpodcast.com/newsletter-sign-up FOLLOW US ON SOCIAL MEDIA! https://linktr.ee/classicallyblack Donate to ISBM! https://fundraising.fracturedatlas.org/international-society-of-black-musicians Check out our website: https://www.isblackmusicians.com Come see us at SphinxConnect in Detroit! We'll have an Expo Hall table. Pay what you can registration is here: https://registration.socio.events/e/sphinxconnect2024 Ralph Yarl achieves special honor less than one year after Kansas City shooting https://fox4kc.com/news/ralph-yarl-achieves-special-honor-less-than-one-year-after-kansas-city-shooting/ To Podcast or Not to Podcast? Reflections from the Hosts of “Classically Black” https://icareifyoulisten.com/2023/11/podcast-reflections-from-hosts-classically-black/ FROM LAST WEEK: Register for Notes Noire https://docs.google.com/forms/d/e/1FAIpQLSeN56JaI89cmwv5xDcLq889kE5eRvoBFsh_GRoBfAdkwbYM-A/viewform Help Emanuel attend Violin Making School https://www.gofundme.com/f/help-emanuel-attend-violin-making-school?utm_campaign=p_lico+share-sheet&utm_location=FIRSTTIME&utm_medium=copy_link&utm_source=customer Black Excellence: Key'mon W. Murrah https://www.keymonmurrahcountertenor.com/ Piece of the week: The Journey Forward - Am're Ford https://www.youtube.com/watch?v=M1nG4T9AkiU

In this episode, I give you 5 reasons why you should be starting student portfolios in your classroom in 2024. Student portfolios really are the next wave in education and whether we like it or not, our students need be using them. If you enjoy this episode share it with a friend or colleague. Click here to read the full blog post on student digital portfolios. Buen provecho! The Book Is Officially Dropping 1/19/2024! My first book “Cooking Up Experiences In The Classroom: Focus On Experiences, Not Just Lessons” is being released January 19th, 2024. I'm super excited about this project. It's filled with ideas on how to make memorable experiences for your students. In addition, each chapter also lays out a specific recipe mentioned in that chapter along with a video tutorial on how to prepare that dish. Make sure you get your copy and cook up some experiences for your students and loved ones! See You At FETC 1/24 Meet The Author Experience Booth 2453 in the Expo Hall 1/25 Quick and Easy Projects w/ Canva at 12:30-2:30 in S331D 1/26 More Ways to Slay Vocabulary at 9-10 am in the Expo Hall booth 4711 FETC and TCEA Walking Food Tours If you're heading to FETC or TCEA, I'd love to see you at the official EdTech Bites Walking Food Tours I'll be hosting in Downtown Orlando and Austin. These are being sponsored by Kami and are going to be a hit at these conferences. For more information and how to sign up, click the blog post below: https://edtechbites.com/2024/01/09/edtech-bites-x-kami-fetc-and-tcea-walking-food-tours/ Connect With Gabriel Carrillo EdTech Bites Website: https://edtechbites.com EdTech Bites Twitter: https://twitter.com/edtechbites EdTech Bites Instagram: https://instagram.com/edtechbites EdTech Bites Threads: https://www.threads.net/@edtechbites EdTech Bites Facebook Page: https://facebook.com/edtechbites EdTech Bites YouTube Channel: https://www.youtube.com/channel/UCQCZcyW4BkCFQ5P2BLK61xg

This week, Dalanie and Katie talk about their goals for 2024. IN THIS EPISODE PURCHASE OUR MERCH!: https://www.classicallyblackpodcast.com/store JOIN US ON PATREON! https://patreon.com/ClassicallyBlackPodcast SIGN UP FOR OUR MAILING LIST! https://www.classicallyblackpodcast.com/newsletter-sign-up FOLLOW US ON SOCIAL MEDIA! https://linktr.ee/classicallyblack Donate to ISBM! https://fundraising.fracturedatlas.org/international-society-of-black-musicians Check out our website: https://www.isblackmusicians.com Come see us at SphinxConnect in Detroit! We'll have an Expo Hall table. Pay what you can registration is here: https://registration.socio.events/e/sphinxconnect2024 FROM LAST WEEK: Register for Notes Noire https://docs.google.com/forms/d/e/1FAIpQLSeN56JaI89cmwv5xDcLq889kE5eRvoBFsh_GRoBfAdkwbYM-A/viewform Help Emanuel attend Violin Making School https://www.gofundme.com/f/help-emanuel-attend-violin-making-school?utm_campaign=p_lico+share-sheet&utm_location=FIRSTTIME&utm_medium=copy_link&utm_source=customer Black Excellence: Endea Owens https://www.endeaowens.com/ Piece of the week: Sonata No. 1 in G major - Johann Sebastian Bach https://www.youtube.com/watch?v=bY9w4p5ybF8

In this special episode at Supply Chain Partners TV & Podcast, we are joined by Katie Date, the Senior Vice President, Industry Relations & Strategic Initiatives, of Manifest. Dr Sharyn Grant, Founder of Supply Chain Partners, and Katie discuss the event Manifest Vegas 2024: The Future of Supply Chain & Logistics, an International Showcase Connecting Global Supply Chains. Supply Chain Partners is a proud official partner of Manifest. ABOUT MANIFEST:Manifest Vegas 2024 brings together the most comprehensive ecosystem of those innovating and transforming end-to-end supply chain and logistics. Manifest Vegas takes place on February 5th – 7th, 2024 at Caesars Forum, Las Vegas, USA. The unique combination of a global audience with an all-star line-up of speakers, exhibitors and networking makes Manifest an experience no one will want to miss. Manifest Vegas 2024 is the largest global supply chain and logistics technology event in the world. It is an exciting event with a massive agenda, an incredible line up of speakers, and exhibitors covering the entire end-to-end supply chain. Manifest is a valued Event Member of Supply Chain Partners:https://www.supplychainpartners.co/nevada/las-vegas/members/manifestCompetition: Supply Chain Partners Members may enter the draw to win a complimentary pass to Manifest Vegas 2024 valued at US$2395 by emailing Supply Chain Partners Founder Dr Sharyn Grant at sharyn@supplychainpartners.co, stating that you are available and can commit to attending and funding your trip to Manifest Vegas 2024. Competition closes Friday 5 January 2024 AEDT. IN THIS EPISODE:In this special episode, we discuss what Manifest is all about and when and where is it being held. Katie explains who should attend, which companies are attending, and the number of people expected to attend. We discuss how the massive Manifest Agenda is organised, the topics being addressed, the number of speakers and the speakers presenting. Katie shares what can we expect to see at the Exhibition, the number of exhibitors, engaging activities in the Expo Hall, and the types of cutting-edge technology and innovations we can expect to see at Manifest. Key highlights:0:39 minutes: Introduction1:18 minutes: What Manifest is all about and when and where is it being held.1:49 minutes: Who should attend, which companies are attending, and the number of people expected.3:12 minutes: How the massive Agenda is organised, and the topics being addressed.4:43 minutes: The number of speakers and the speakers presenting.5:30 minutes: What we can expect to see at the Exhibition and the number of exhibitors.6:16 minutes: Engaging activities in the Expo Hall and networking opportunities.8:13 minutes: The types of cutting-edge technology and innovations we can expect to see at Manifest. Watch or listen now for the whole story. Register now for Manifest Vegas 2024, the premiere gathering that unites the entire eco-system of Fortune 500 global supply chain executives, logistics service providers, innovators and investors at the forefront of logistics tech and end-to-end supply chain. Experience unprecedented access to the people and technologies changing the way the world moves. Register Now for Manifest Vegas 2024 with your special Supply Chain Partners price:https://partner.manife.st/supplychainpartners  ___________________Supply Chain Partners is a multi-award winning global business and supply chain marketplace and professional community.https://www.supplychainpartners.coWe help the global business world to Discover, Connect and Collaborate, and build Industry Ecosystems using our valued Expert Members to improve and transform all Digital, Physical, People and Process aspects of your business and supply chain.Join our Expert Membership to promote your business, reach your target audience and develop your team:https://www.supplychainpartners.co/expert-membership Join our free Individual Membership to stay connected, informed and accelerate your business, supply chain & professional goals:https://www.supplychainpartners.co/individual-membership Learn more: https://www.supplychainpartners.co/join Your Supply Chain Partners membership provides you and your team with access to experts, innovative solutions, exclusive resources, member offers and Supply Chain Partners Online Events to accelerate your business, supply chain and professional goals.

Adnan Khan, Lead Security Engineer at Praetorian, joins Corey on Screaming in the Cloud to discuss software bill of materials and supply chain attacks. Adnan describes how simple pull requests can lead to major security breaches, and how to best avoid those vulnerabilities. Adnan and Corey also discuss the rapid innovation at Github Actions, and the pros and cons of having new features added so quickly when it comes to security. Adnan also discusses his view on the state of AI and its impact on cloud security. About AdnanAdnan is a Lead Security Engineer at Praetorian. He is responsible for executing on Red-Team Engagements as well as developing novel attack tooling in order to meet and exceed engagement objectives and provide maximum value for clients.His past experience as a software engineer gives him a deep understanding of where developers are likely to make mistakes, and has applied this knowledge to become an expert in attacks on organization's CI/CD systems.Links Referenced: Praetorian: https://www.praetorian.com/ Twitter: https://twitter.com/adnanthekhan Praetorian blog posts: https://www.praetorian.com/author/adnan-khan/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Are you navigating the complex web of API management, microservices, and Kubernetes in your organization? Solo.io is here to be your guide to connectivity in the cloud-native universe!Solo.io, the powerhouse behind Istio, is revolutionizing cloud-native application networking. They brought you Gloo Gateway, the lightweight and ultra-fast gateway built for modern API management, and Gloo Mesh Core, a necessary step to secure, support, and operate your Istio environment.Why struggle with the nuts and bolts of infrastructure when you can focus on what truly matters - your application. Solo.io's got your back with networking for applications, not infrastructure. Embrace zero trust security, GitOps automation, and seamless multi-cloud networking, all with Solo.io.And here's the real game-changer: a common interface for every connection, in every direction, all with one API. It's the future of connectivity, and it's called Gloo by Solo.io.DevOps and Platform Engineers, your journey to a seamless cloud-native experience starts here. Visit solo.io/screaminginthecloud today and level up your networking game.Corey: As hybrid cloud computing becomes more pervasive, IT organizations need an automation platform that spans networks, clouds, and services—while helping deliver on key business objectives. Red Hat Ansible Automation Platform provides smart, scalable, sharable automation that can take you from zero to automation in minutes. Find it in the AWS Marketplace.Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. I've been studiously ignoring a number of buzzword, hype-y topics, and it's probably time that I addressed some of them. One that I've been largely ignoring, mostly because of its prevalence at Expo Hall booths at RSA and other places, has been software bill of materials and supply chain attacks. Finally, I figured I would indulge the topic. Today I'm speaking with Adnan Khan, lead security engineer at Praetorian. Adnan, thank you for joining me.Adnan: Thank you so much for having me.Corey: So, I'm trying to understand, on some level, where the idea of these SBOM or bill-of-material attacks have—where they start and where they stop. I've seen it as far as upstream dependencies have a vulnerability. Great. I've seen misconfigurations in how companies wind up configuring their open-source presences. There have been a bunch of different, it feels almost like orthogonal concepts to my mind, lumped together as this is a big scary thing because if we have a big single scary thing we can point at, that unlocks budget. Am I being overly cynical on this or is there more to it?Adnan: I'd say there's a lot more to it. And there's a couple of components here. So first, you have the SBOM-type approach to security where organizations are looking at which packages are incorporated into their builds. And vulnerabilities can come out in a number of ways. So, you could have software actually have bugs or you could have malicious actors actually insert backdoors into software.I want to talk more about that second point. How do malicious actors actually insert backdoors? Sometimes it's compromising a developer. Sometimes it's compromising credentials to push packages to a repository, but other times, it could be as simple as just making a pull request on GitHub. And that's somewhere where I've spent a bit of time doing research, building off of techniques that other people have documented, and also trying out some attacks for myself against two Microsoft repositories and several others that have reported over the last few months that would have been able to allow an attacker to slip a backdoor into code and expand the number of projects that they are able to attack beyond that.Corey: I think one of the areas that we've seen a lot of this coming from has been the GitHub Action space. And I'll confess that I wasn't aware of a few edge-case behaviors around this. Most of my experience with client-side Git configuration in the .git repository—pre-commit hooks being a great example—intentionally and by design from a security perspective, do not convey when you check that code in and push it somewhere, or grab someone else's, which is probably for the best because otherwise, it's, “Oh yeah, just go ahead and copy your password hash file and email that to something else via a series of arcane shell script stuff.” The vector is there. I was unpleasantly surprised somewhat recently to discover that when I cloned a public project and started running it locally and then adding it to my own fork, that it would attempt to invoke a whole bunch of GitHub Actions flows that I'd never, you know, allowed it to do. That was… let's say, eye-opening.Adnan: [laugh]. Yeah. So, on the particular topic of GitHub Actions, the pull request as an attack vector, like, there's a lot of different forms that an attack can take. So, one of the more common ones—and this is something that's been around for just about as long as GitHub Actions has been around—and this is a certain trigger called ‘pull request target.' What this means is that when someone makes a pull request against the base repository, maybe a branch within the base repository such as main, that will be the workflow trigger.And from a security's perspective, when it runs on that trigger, it does not require approval at all. And that's something that a lot of people don't really realize when they're configuring their workflows. Because normally, when you have a pull request trigger, the maintainer can check a box that says, “Oh, require approval for all external pull requests.” And they think, “Great, everything needs to be approved.” If someone tries to add malicious code to run that's on the pull request target trigger, then they can look at the code before it runs and they're fine.But in a pull request target trigger, there is no approval and there's no way to require an approval, except for configuring the workflow securely. So, in this case, what happens is, and in one particular case against the Microsoft repository, this was a Microsoft reusable GitHub Action called GPT Review. It was vulnerable because it checked out code from my branch—so if I made a pull request, it checked out code from my branch, and you could find this by looking at the workflow—and then it ran tests on my branch, so it's running my code. So, by modifying the entry points, I could run code that runs in the context of that base branch and steal secrets from it, and use those to perform malicious Actions.Corey: Got you. It feels like historically, one of the big threat models around things like this is al—[and when 00:06:02] you have any sort of CI/CD exploit—is either falls down one of two branches: it's either the getting secret access so you can leverage those credentials to pivot into other things—I've seen a lot of that in the AWS space—or more boringly, and more commonly in many cases, it seems to be oh, how do I get it to run this crypto miner nonsense thing, with the somewhat large-scale collapse of crypto across the board, it's been convenient to see that be less prevalent, but still there. Just because you're not making as much money means that you'll still just have to do more of it when it's all in someone else's account. So, I guess it's easier to see and detect a lot of the exploits that require a whole bunch of compute power. The, oh by the way, we stole your secrets and now we're going to use that to lateral into an organization seem like it's something far more… I guess, dangerous and also sneaky.Adnan: Yeah, absolutely. And you hit the nail on the head there with sneaky because when I first demonstrated this, I made a test account, I created a PR, I made a couple of Actions such as I modified the name of the release for the repository, I just put a little tag on it, and didn't do any other changes. And then I also created a feature branch in one of Microsoft's repositories. I don't have permission to do that. That just sat there for about almost two weeks and then someone else exploited it and then they responded to it.So, sneaky is exactly the word you could describe something like this. And another reason why it's concerning is, beyond the secret disclosure for—and in this case, the repository only had an OpenAI API key, so… okay, you can talk to ChatGPT for free. But this was itself a Github Action and it was used by another Microsoft machine-learning project that had a lot more users, called SynapseML, I believe was the name of the other project. So, what someone could do is backdoor this Action by creating a commit in a feature branch, which they can do by stealing the built-in GitHub token—and this is something that all Github Action runs have; the permissions for it vary, but in this case, it had the right permissions—attacker could create a new branch, modify code in that branch, and then modify the tag, which in Git, tags are mutable, so you can just change the commit the tag points to, and now, every time that other Microsoft repository runs GPT Review to review a pull request, it's running attacker-controlled code, and then that could potentially backdoor that other repository, steal secrets from that repository.So that's, you know, one of the scary parts of, in particular backdooring a Github Action. And I believe there was a very informative Blackhat talk this year, that someone from—I'm forgetting the name of the author, but it was a very good watch about how Actions vulnerabilities can be vulnerable, and this is kind of an example of—it just happened to be that this was an Action as well.Corey: That feels like this is an area of exploit that is becoming increasingly common. I tie it almost directly to the rise of GitHub Actions as the default CI/CD system that a lot of folks have been using. For the longest time, it seemed like a poorly configured Jenkins box hanging out somewhere in your environment that was the exception to the Infrastructure as Code rule because everyone has access to it, configures it by hand, and invariably it has access to production was the way that people would exploit things. For a while, you had CircleCI and Travis-CI, before Travis imploded and Circle did a bunch of layoffs. Who knows where they're at these days?But it does seem that the common point now has been GitHub Actions, and a .github folder within that Git repo with a workflows YAML file effectively means that a whole bunch of stuff can happen that you might not be fully aware of when you're cloning or following along with someone's tutorial somewhere. That has caught me out in a couple of strange ways, but nothing disastrous because I do believe in realistic security boundaries. I just worry how much of this is the emerging factor of having a de facto standard around this versus something that Microsoft has actively gotten wrong. What's your take on it?Adnan: Yeah. So, my take here is that Github could absolutely be doing a lot more to help prevent users from shooting themselves in the foot. Because their documentation is very clear and quite frankly, very good, but people aren't warned when they make certain configuration settings in their workflows. I mean, GitHub will happily take the settings and, you know, they hit commit, and now the workflow could be vulnerable. There's no automatic linting of workflows, or a little suggestion box popping up like, “Hey, are you sure you want to configure it this way?”The technology to detect that is there. There's a lot of third-party utilities that will lint Actions workflows. Heck, for looking for a lot of these pull request target-type vulnerabilities, I use a Github code search query. It's just a regular expression. So, having something that at least nudges users to not make that mistake would go really far in helping people not make these mista—you know, adding vulnerabilities to their projects.Corey: It seems like there's also been issues around the GitHub Actions integration approach where OICD has not been scoped correctly a bunch of times. I've seen a number of articles come across my desk in that context and fortunately, when I wound up passing out the ability for one of my workflows to deploy to my AWS account, I got it right because I had no idea what I was doing and carefully followed the instructions. But I can totally see overlooking that one additional parameter that leaves things just wide open for disaster.Adnan: Yeah, absolutely. That's one where I haven't spent too much time actually looking for that myself, but I've definitely read those articles that you mentioned, and yeah, it's very easy for someone to make that mistake, just like, it's easy for someone to just misconfigure their Action in general. Because in some of the cases where I found vulnerabilities, there would actually be a commit saying, “Hey, I'm making this change because the Action needs access to these certain secrets. And oh, by the way, I need to update the checkout steps so it actually checks out the PR head so that it's [testing 00:12:14] that PR code.” Like, people are actively making a decision to make it vulnerable because they don't realize the implication of what they've just done.And in the second Microsoft repository that I found the bug in, was called Microsoft Confidential Sidecar Containers. That repository, the developer a week prior to me identifying the bug made a commit saying that we're making a change and it's okay because it requires approval. Well, it doesn't because it's a pull request target.Corey: Part of me wonders how much of this is endemic to open-source as envisioned through enterprises versus my world of open-source, which is just eh, I've got this weird side project in my spare time, and it seemed like it might be useful to someone else, so I'll go ahead and throw it up there. I understand that there's been an awful lot of commercialization of open-source in recent years; I'm not blind to that fact, but it also seems like there's a lot of companies playing very fast and loose with things that they probably shouldn't be since they, you know, have more of a security apparatus than any random contributors standing up a clone of something somewhere will.Adnan: Yeah, we're definitely seeing this a lot in the machine-learning space because of companies that are trying to move so quickly with trying to build things because OpenAI AI has blown up quite a bit recently, everyone's trying to get a piece of that machine learning pie, so to speak. And another thing of what you're seeing is, people are deploying self-hosted runners with Nvidia, what is it, the A100, or—it's some graphics card that's, like, $40,000 apiece attached to runners for running integration tests on machine-learning workflows. And someone could, via a pull request, also just run code on those and mine crypto.Corey: I kind of miss the days when exploiting computers is basically just a way for people to prove how clever they were or once in a blue moon come up with something innovative. Now, it's like, well, we've gone all around the mulberry bush just so we can basically make computers solve a sudoku form, and in return, turn that into money down the road. It's frustrating, to put it gently.Adnan: [laugh].Corey: When you take a look across the board at what companies are doing and how they're embracing the emerging capabilities inherent to these technologies, how do you avoid becoming a cautionary tale in the space?Adnan: So, on the flip side of companies having vulnerable workflows, I've also seen a lot of very elegant ways of writing secure workflows. And some of the repositories are using deployment environments—which is the GitHub Actions feature—to enforce approval checks. So, workflows that do need to run on pull request target because of the need to access secrets for pull requests will have a step that requires a deployment environment to complete, and that deployment environment is just an approval and it doesn't do anything. So essentially, someone who has permissions to the repository will go in, approve that environment check, and only then will the workflow continue. So, that adds mandatory approvals to pull requests where otherwise they would just run without approval.And this is on, particularly, the pull request target trigger. Another approach is making it so the trigger is only running on the label event and then having a maintainer add a label so the tests can run and then remove the label. So, that's another approach where companies are figuring out ways to write secure workflows and not leave their repositories vulnerable.Corey: It feels like every time I turn around, Github Actions has gotten more capable. And I'm not trying to disparage the product; it's kind of the idea of what we want. But it also means that there's certainly not an awareness in the larger community of how these things can go awry that has kept up with the pace of feature innovation. How do you balance this without becoming the Department of No?Adnan: [laugh]. Yeah, so it's a complex issue. I think GitHub has evolved a lot over the years. Actions, it's—despite some of the security issues that happen because people don't configure them properly—is a very powerful product. For a CI/CD system to work at the scale it does and allow so many repositories to work and integrate with everything else, it's really easy to use. So, it's definitely something you don't want to take away or have an organization move away from something like that because they are worried about the security risks.When you have features coming in so quickly, I think it's important to have a base, kind of like, a mandatory reading. Like, if you're a developer that writes and maintains an open-source software, go read through this document so you can understand the do's and don'ts instead of it being a patchwork where some people, they take a good security approach and write secure workflows and some people just kind of stumble through Stack Overflow, find what works, messes around with it until their deployment is working and their CI/CD is working and they get the green checkmark, and then they move on to their never-ending list of tasks that—because they're always working on a deadline.Corey: Reminds me of a project I saw a few years ago when it came out that Volkswagen had been lying to regulators. It was a framework someone built called ‘Volkswagen' that would detect if it was running inside of a CI/CD environment, and if so, it would automatically make all the tests pass. I have a certain affinity for projects like that. Another one was a tool that would intentionally degrade the performance of a network connection so you could simulate having a latent or stuttering connection with packet loss, and they call that ‘Comcast.' Same story. I just thought that it's fun seeing people get clever on things like that.Adnan: Yeah, absolutely.Corey: When you take a look now at the larger stories that are emerging in the space right now, I see an awful lot of discussion coming up that ties to SBOMs and understanding where all of the components of your software come from. But I chased some stuff down for fun once, and I gave up after 12 dependency leaps from just random open-source frameworks. I mean, I see the Dependabot problem that this causes as well, where whenever I put something on GitHub and then don't touch it for a couple of months—because that's how I roll—I come back and there's a whole bunch of terrifyingly critical updates that it's warning me about, but given the nature of how these things get used, it's never going to impact anything that I'm currently running. So, I've learned to tune it out and just ignore it when it comes in, which is probably the worst of all possible approaches. Now, if I worked at a bank, I should probably take a different perspective on this, but I don't.Adnan: Mm-hm. Yeah. And that's kind of a problem you see, not just with SBOMs. It's just security alerting in general, where anytime you have some sort of signal and people who are supposed to respond to it are getting too much of it, you just start to tune all of it out. It's like that human element that applies to so much in cybersecurity.And I think for the particular SBOM problem, where, yeah, you're correct, like, a lot of it… you don't have reachability because you're using a library for one particular function and that's it. And this is somewhere where I'm not that much of an expert in where doing more static source analysis and reachability testing, but I'm certain there are products and tools that offer that feature to actually prioritize SBOM-based alerts based on actual reachability versus just having an as a dependency or not.[midroll 00:20:00]Corey: I feel like, on some level, wanting people to be more cautious about what they're doing is almost shouting into the void because I'm one of the only folks I found that has made the assertion that oh yeah, companies don't actually care about security. Yes, they email you all the time after they failed to protect your security, telling you how much they care about security, but when you look at where they invest, feature velocity always seems to outpace investment in security approaches. And take a look right now at the hype we're seeing across the board when it comes to generative AI. People are excited about the capabilities and security is a distant afterthought around an awful lot of these things. I don't know how you drive a broader awareness of this in a way that sticks, but clearly, we haven't collectively found it yet.Adnan: Yeah, it's definitely a concern. When you see things on—like for example, you can look at Github's roadmap, and there's, like, a feature there that's, oh, automatic AI-based pull request handling. Okay, so does that mean one day, you'll have a GitHub-powered LLM just approve PRs based on whether it determines that it's a good improvement or not? Like, obviously, that's not something that's the case now, but looking forward to maybe five, six years in the future, in the pursuit of that ever-increasing velocity, could you ever have a situation where actual code contributions are reviewed fully by AI and then approved and merged? Like yeah, that's scary because now you have a threat actor that could potentially specifically tailor contributions to trick the AI into thinking they're great, but then it could turn around and be a backdoor that's being added to the code.Obviously, that's very far in the future and I'm sure a lot of things will happen before that, but it starts to make you wonder, like, if things are heading that way. Or will people realize that you need to look at security at every step of the way instead of just thinking that these newer AI systems can just handle everything?Corey: Let's pivot a little bit and talk about your day job. You're a lead security engineer at what I believe to be a security-focused consultancy. Or—Adnan: Yeah.Corey: If you're not a SaaS product. Everything seems to become a SaaS product in the fullness of time. What's your day job look like?Adnan: Yeah, so I'm a security engineer on Praetorian's red team. And my day-to-day, I'll kind of switch between application security and red-teaming. And that kind of gives me the opportunity to, kind of, test out newer things out in the field, but then also go and do more traditional application security assessments and code reviews, and reverse engineering to kind of break up the pace of work. Because red-teaming can be very fast and fast-paced and exciting, but sometimes, you know, that can lead to some pretty late nights. But that's just the nature of being on a red team [laugh].Corey: It feels like as soon as I get into the security space and start talking to cloud companies, they get a lot more defensive than when I'm making fun of, you know, bad service naming or APIs that don't make a whole lot of sense. It feels like companies have a certain sensitivity around the security space that applies to almost nothing else. Do you find, as a result, that a lot of the times when you're having conversations with companies and they figure out that, oh, you're a red team for a security researcher, oh, suddenly, we're not going to talk to you the way we otherwise might. We thought you were a customer, but nope, you can just go away now.Adnan: [laugh]. I personally haven't had that experience with cloud companies. I don't know if I've really tried to buy a lot. You know, I'm… if I ever buy some infrastructure from cloud companies as an individual, I just kind of sign up and put in my credit card. And, you know, they just, like, oh—you know, they just take my money. So, I don't really think I haven't really, personally run into anything like that yet [laugh].Corey: Yeah, I'm curious to know how that winds up playing out in some of these, I guess, more strategic, larger company environments. I don't get to see that because I'm basically a tiny company that dabbles in security whenever I stumble across something, but it's not my primary function. I just worry on some level one of these days, I'm going to wind up accidentally dropping a zero-day on Twitter or something like that, and suddenly, everyone's going to come after me with the knives. I feel like [laugh] at some point, it's just going to be a matter of time.Adnan: Yeah. I think when it comes to disclosing things and talking about techniques, the key thing here is that a lot of the things that I'm talking about, a lot of the things that I'll be talking about in some blog posts that have coming out, this is stuff that these companies are seeing themselves. Like, they recognize that these are security issues that people are introducing into code. They encourage people to not make these mistakes, but when it's buried in four links deep of documentation and developers are tight on time and aren't digging through their security documentation, they're just looking at what works, getting it to work and moving on, that's where the issue is. So, you know, from a perspective of raising awareness, I don't feel bad if I'm talking about something that the company itself agrees is a problem. It's just a lot of the times, their own engineers don't follow their own recommendations.Corey: Yeah, I have opinions on these things and unfortunately, it feels like I tend to learn them in some of the more unfortunate ways of, oh, yeah, I really shouldn't care about this thing, but I only learned what the norm is after I've already done something. This is, I think, the problem inherent to being small and independent the way that I tend to be. We don't have enough people here for there to be a dedicated red team and research environment, for example. Like, I tend to bleed over a little bit into a whole bunch of different things. We'll find out. So far, I've managed to avoid getting it too terribly wrong, but I'm sure it's just a matter of time.So, one area that I think seems to be a way that people try to avoid cloud issues is oh, I read about that in the last in-flight magazine that I had in front of me, and the cloud is super insecure, so we're going to get around all that by running our own infrastructure ourselves, from either a CI/CD perspective or something else. Does that work when it comes to this sort of problem?Adnan: Yeah, glad you asked about that. So, we've also seen open-s—companies that have large open-source presence on GitHub just opt to have self-hosted Github Actions runners, and that opens up a whole different Pandora's box of attacks that an attacker could take advantage of, and it's only there because they're using that kind of runner. So, the default GitHub Actions runner, it's just an agent that runs on a machine, it checks in with GitHub Actions, it pulls down builds, runs them, and then it waits for another build. So, these are—the default state is a non-ephemeral runner with the ability to fork off tasks that can run in the background. So, when you have a public repository that has a self-hosted runner attached to it, it could be at the organization level or it could be at the repository level.What an attacker can just do is create a pull request, modify the pull request to run on a self-hosted runner, write whatever they want in the pull request workflow, create a pull request, and now as long as they were a previous contributor, meaning you fixed a typo, you… that could be a such a, you know, a single character typo change could even cause that, or made a small contribution, now they create the pull request. The arbitrary job that they wrote is now picked up by that self-hosted runner. They can fork off it, process it to run in the background, and then that just continues to run, the job finishes, their pull request, they'll just—they close it. Business as usual, but now they've got an implant on the self-hosted runner. And if the runners are non-ephemeral, it's very hard to completely lock that down.And that's something that I've seen, there's quite a bit of that on GitHub where—and you can identify it just by looking at the run logs. And that's kind of comes from people saying, “Oh, let's just self-host our runners,” but they also don't configure that properly. And that opens them up to not only tampering with their repositories, stealing secrets, but now depending on where your runner is, now you potentially could be giving an attacker a foothold in your cloud environment.Corey: Yeah, that seems like it's generally a bad thing. I found that cloud tends to be more secure than running it yourself in almost every case, with the exception that once someone finds a way to break into it, there's suddenly a lot more eggs in a very large, albeit more secure, basket. So, it feels like it's a consistent trade-off. But as time goes on, it feels like it is less and less defensible, I think, to wind up picking out an on-prem strategy from a pure security point of view. I mean, there are reasons to do it. I'm just not sure.Adnan: Yeah. And I think that distinction to be made there, in particular with CI/CD runners is there's cloud, meaning you let your—there's, like, full cloud meaning you let your CI/CD provider host your infrastructure as well; there's kind of that hybrid approach you mentioned, where you're using a CI/CD provider, but then you're bringing your own cloud infrastructure that you think you could secure better; or you have your runners sitting in vCenter in your own data center. And all of those could end up being—both having a runner in your cloud and in your data center could be equally vulnerable if you're not segmenting builds properly. And that's the core issue that happens when you have a self-hosted runner is if they're not ephemeral, it's very hard to cut off all attack paths. There's always something an attacker can do to tamper with another build that'll have some kind of security impact. You need to just completely isolate your builds and that's essentially what you see in a lot of these newer guidances like the [unintelligible 00:30:04] framework, that's kind of the core recommendation of it is, like, one build, one clean runner.Corey: Yeah, that seems to be the common wisdom. I've been doing a lot of work with my own self-hosted runners that run inside of Lambda. Definitionally those are, of course, ephemeral. And there's a state machine that winds up handling that and screams bloody murder if there's a problem with it. So far, crossing fingers hoping it works out well.And I have a bounded to a very limited series of role permissions, and of course, its own account of constraint blast radius. But there's still—there are no guarantees in this. The reason I build it the way I do is that, all right, worst case someone can get access to this. The only thing they're going to have the ability to do is, frankly, run up my AWS bill, which is an area I have some small amount of experience with.Adnan: [laugh]. Yeah, yeah, that's always kind of the core thing where if you get into someone's cloud, like, well, just sit there and use their compute resources [laugh].Corey: Exactly. I kind of miss when that was the worst failure mode you had for these things.Adnan: [laugh].Corey: I really want to thank you for taking the time to speak with me today. If people want to learn more, where's the best place for them to find you?Adnan: I do have a Twitter account. Well, I guess you can call it Twitter anymore, but, uh—Corey: Watch me. Sure I can.Adnan: [laugh]. Yeah, so I'm on Twitter, and it's @adnanthekhan. So, it's like my first name with ‘the' and then K-H-A-N because, you know, my full name probably got taken up, like, years before I ever made a Twitter account. So, occasionally I tweet about GitHub Actions there.And on Praetorian's website, I've got a couple of blog posts. I have one—the one that really goes in-depth talking about the two Microsoft repository pull request attacks, and a couple other ones that are disclosed, will hopefully drop on the twenty—what is that, Tuesday? That's going to be the… that's the 26th. So, it should be airing on the Praetorian blog then. So, if you—Corey: Excellent. It should be out by the time this is published, so we will, of course, put a link to that in the [show notes 00:32:01]. Thank you so much for taking the time to speak with me today. I appreciate it.Adnan: Likewise. Thank you so much, Corey.Corey: Adnan Khan, lead security engineer at Praetorian. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an insulting comment that's probably going to be because your podcast platform of choice is somehow GitHub Actions.Adnan: [laugh].Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

VMX 2023 was the largest conference and expo in the NAVC's history. Thousands of veterinary professionals from all over the world came to Orlando, Florida, to learn, network and have fun. It was the perfect opportunity for our staff veterinary technician, Sam Sacasa, to be on the Expo Hall floor and talk to her peers. In this edition of the VetFolio Voice podcast, join Sam as she gathers unique and thoughtful perspectives on important topics affecting veterinary technicians today.

DJ (C-4 Analytics), Kraig (ACV Auctions), Rich (Dignity Leadership), David (CIADA), Ita (Lendbuzz), Gig and Jason (Hansen & Adkins Auto Logistics); what a diverse crowd of independent thinkers at NIADA 2023! This is ATI at NIADA special live event audio.

Joe (Kinetic Advantage), Scott ("Stalwart Lot Rat"), Chris and Bob (ServNet Auction Group), Orlando (GWC Warranty), Kali (Carketa), Stan (Super Dispatch), Chris (PCG Digital), Paul (Black Book), & much more! This is ATI at NIADA special live event audio.

Our #intled #livechat comes to you from the Expo Hall at #NAFSA2023 where we talk about the full extent of how this conference settles in to its new normal, but still the annual meeting place for our international education profession.

Rich Mogull, SVP of Cloud Security at FireMon, joins Corey on Screaming in the Cloud to discuss his career in cybersecurity going back to the early days of cloud. Rich describes how he identified that cloud security would become a huge opportunity in the early days of cloud, as well as how cybersecurity parallels his other jobs in aviation and emergency medicine. Rich and Corey also delve into the history of Rich's involvement in the TidBITS newsletter, and Rich unveils some of his insights into the world of cloud security as a Gartner analyst. About RichRich is the SVP of Cloud Security at FireMon where he focuses on leading-edge cloud security research and implementation. Rich joined FireMon through the acquisition of DisruptOps, a cloud security automation platform based on his research while as CEO of Securosis. He has over 25 years of security experience and currently specializes in cloud security and DevSecOps, having starting working hands-on in cloud over 12 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis and DisruptOps, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).Links Referenced: FireMon: https://www.firemon.com/. Twitter: https://twitter.com/rmogull Mastodon: [https://defcon.social/@rmogull](https://defcon.social/@rmogull) FireMon Blogs: https://www.firemon.com/blogs/ Securosis Blogs: https://securosis.com/blog TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. My guest today is Rich Mogull, SVP of Cloud Security over at FireMon now that I'm a bit too old to be super into Pokémon, so I forget which one that is. Rich, thanks for joining me. I appreciate it.Rich: Thank you. Although I think we need to be talking more Digimon than Pokémon. Not that I want to start a flame war on the internet in the first two minutes of the conversation.Corey: I don't even have the level of insight into that. But I will say one of the first areas where you came to my notice, which I'm sure you'll blame yourself for later, is that you are the security editor behind TidBITS, which is, more or less, an ongoing newsletter longer than I've been in the space, to my understanding. What is that, exactly?Rich: So, TidBITS is possibly the longest-running—one of the longest-running newsletters on the internet these days and it's focused on all things Apple. So, TidBITS started back in the very early days as kind of more of an email, I think like, 30 years ago or something close to that. And we just write a lot about Apple and I've been reading about Apple security there.Corey: That's got to be a bit of an interesting experience compared to my writing about AWS because people have opinions about AWS, particularly, you know, folks who work there, but let's be clear, there is nothing approaching the zealotry, I think I want to call it, of certain elements of the Apple ecosystem whenever there is the perception of criticism about the company that they favor. And I want to be clear here to make sure I don't get letters myself for saying this: if there's an Apple logo on a product, I will probably buy it. I have more or less surrounded myself with these things throughout the course of the last ten years. So, I say this from a place of love, but I also don't wind up with people threatening me whenever I say unkind things about AWS unless they're on the executive team.Rich: So, it's been a fascinating experience. So, I would say that I'm on the tail end of being involved with kind of the Mac journalist community. But I've been doing this for over 15 years is kind of what I first started to get involved over there. And for a time, I wrote most of the security articles for Macworld, or a big chunk of those, I obviously was writing over a TidBITS. I've been very lucky that I've never been on the end of the death threats and the vitriol in my coverage, even though it was balanced, but I've also had to work a lot—or have a lot of conversations with Apple over the years.And what will fascinate you is at what point in time, there were two companies in the world where I had an assigned handler on the PR team, and one was Apple and then the other was AWS. I will say Apple is much better at PR than [laugh] AWS, especially their keynotes, but we can talk about re:Invent later.Corey: Absolutely. I have similar handlers at a number of companies, myself, including of course, AWS. Someone has an impossible job over there. But it's been a fun and exciting world. You're dealing with the security side of things a lot more than I am, so there's that additional sensitivity that's tied to it.And I want to deviate for a second here, just because I'm curious to get your take on this given that you are not directly representing one of the companies that I tend to, more or less, spend my time needling. It seems like there's a lot of expectation on companies when people report security issues to them, that you're somehow going to dance to their tune and play their games the entire time. It's like, for a company that doesn't even have a public bug bounties process, that feels like it's a fairly impressively high bar. On some level, I could just report this via Twitter, so what's going on over there? That feels like it's very much an enterprise world expectation that probably means I'm out of step with it. But I'm curious to get your take.Rich: Out of step with which part of it? Having the bug bounty programs or the nature of—Corey: Oh, no. That's beside the point. But having to deal with the idea of oh, an independent security researcher shows up. Well, now they have to follow our policies and procedures. It's in my world if you want me to follow your policies and procedures, we need a contract in place or I need to work for you.Rich: Yeah, there is a long history about this and it is so far beyond what we likely have time to get into that goes into my history before I even got involved with dealing with any of the cloud pieces of it. But a lot about responsible disclosure, coordinated disclosure, no more free bugs, there's, like, this huge history around, kind of, how to handle these pieces. I would say that the core of it comes from, particularly in some of the earlier days, there were researchers who wanted to make their products better, often as you criticize various things, to speak on behalf of the customer. And with security, that is going to trigger emotional responses, even among vendors who are a little bit more mature. Give you an example, let's talk about Apple.When I first started covering them, they were horrific. I actually, some of the first writing I did that was public about Apple was all around security and their failures on security disclosures and their inability to work with security researchers. And they may struggle still, but they've improved dramatically with researcher programs, and—but it was iterative; it really did take a cultural change. But if you really want to know the bad stories, we have to go back to when I was writing about Oracle when I was a Gartner analyst.Corey: Oh, dear. I can only imagine how that played out. They have been very aggressive when it comes to smacking down what they perceive to be negative coverage of anything that they decide they like.Rich: Yeah, you know, if I would look at how culturally some of these companies deal with these things when I was first writing about some of the Oracle stuff—and remember, I was a Gartner analyst, not a vulnerability researcher—but I'm a hacker; I go to Blackhat and DEF CON. I'm friends with the people who are smarter than me at that or have become friends with them over the years. And I wrote a Gartner research note saying, “You probably shouldn't buy any more Oracle until they fix their vulnerability management process.” That got published under the Gartner name, which that may have gotten some attention and created some headaches and borderline legal threats and shade and all those kinds of things. That's an organization that looks at security as a PR problem. Even though they say they're more secure, they look at security as a PR problem. There are people in there who are good at security, but that's different. Apple used to be like that but has switched. And then Amazon is… learning.Corey: There is a lot of challenge around basically every aspect of communication because again, to me, a big company is one that has 200 people. I think that as soon as you wind up getting into the trillion-dollar company scale, everything you say gets you in trouble with someone, somehow, somewhere, so the easiest thing to do is to say nothing. The counterpoint is that on some point of scale, you hit a level where you need a fair bit of scrutiny; it's deserved at this point because you are systemically important, and them's the breaks.Rich: Yeah, and they have improved. A lot of the some of the larger companies have definitely improved. Microsoft learned a bunch of those lessons early on. [unintelligible 00:07:33] the product in Azure, maybe we'll get there at some point. But you have to—I look at it both sides a little bit.On the vendor side, there are researchers who are unreasonable because now that I'm on the vendor side for the first time in my career, if something gets reported, like, it can really screw up plans and timing and you got to move developer resources. So, you have outside influences controlling you, so I get that piece of it. But the reality is if some researcher discovered it, some China, Russia, random criminals are going to discover it. So, you need to deal with those issues. So, it's a bit of control. You lose control of your messaging and everything; if marketing gets their hands in this, then it becomes ugly.On the other hand, you have to, as a vendor, always realize that these are people frequently trying to make your products better. Some may be out just to extort you a little bit, whatever. That's life. Get used to it. And in the end, it's about putting the customers first, not necessarily putting your ego first and your marketing first.Corey: Changing gears slightly because believe it or not, neither you nor I have our primary day jobs focused on, you know, journalism or analyst work or anything like that these days, we focus on these—basically cloud, for lack of a better term—through slightly different lenses. I look at it through cost—which is of course architecture—and you look at it through the lens of security. And I will point out that only one of us gets called at three in the morning when things get horrible because of the bill is a strictly business-hours problem. Don't think that's an accident as far as what I decided to focus on. What do you do these days?Rich: You mean, what do I do in my day-to-day job?Corey: Well, it feels like a fair question to ask. Like, what do you do as far as day job, personal life et cetera. Who is Rich Mogull? You've been a name on the internet for a long time; I figured we'd add some color and context to it.Rich: Well, let's see. I just got back from a flying lesson. I'm honing in on my getting ready for my first solo. My side gig is as a disaster response paramedic. I dressed up as a stormtrooper for the 501st Legion. I've got a few kids and then I have a job. I technically have two jobs. So—Corey: I'm envious of some of those things. I was looking into getting into flying but that path's not open to me, given that I have ADHD. And there are ways around it in different ways. It's like no, no, you don't understand. With my given expression of it, I am exactly the kind of person that should not be flying a plane, let's be very clear here. This is not a regulatory thing so much as it is a, “I'm choosing life.”Rich: Yeah. It's a really fascinating thing because it's this combination of a physical and a mental challenge. And I'm still very early in the process. But you know, I cracked 50, it had always been a life goal to do this, and I said, “You know what? I'm going to go do it.”So, first thing, I get my medical to make sure I can actually pass that because I'm over 50, and then from there, I can kind of jump into lessons. Protip though: don't start taking lessons right as summer is kicking in in Phoenix, Arizona, with winds and heat that messes up your density altitude, and all sorts of fun things like that because it's making it a little more challenging. But I'm glad I'm doing it.Corey: I have to imagine. That's got to be an interesting skill set that probably doesn't have a huge amount of overlap with the ins and outs of the cloud business. But maybe I'm wrong.Rich: Oh God, Corey. The correlations between information security—my specialty, and cloud security as a subset of that—aviation, and emergency medicine are incredible. These are three areas with very similar skill sets required in terms of thought processes. And in the case of both the paramedic and aviation, there's physical skills and mental skills at the same time. But how you look at incidents, how you process things algorithmically, how you—your response times, checklists, the correlations.And I've been talking about two of those three things for years. I did a talk a couple years ago, during Covid, my Blackhat talk on the “Paramedics Guide to Surviving Cybersecurity,” where I talked a lot about these kinds of pieces. And now aviation is becoming another part of that. Amazing parallels between all three. Very similar mindsets are required.Corey: When you take a look at the overall sweep of the industry, you've been involved in cloud for a fairly long time. I have, too, but I start off as a cynic. I started originally when I got into the space, 2006, 2007, thinking virtualization was a flash in the pan because of the security potential impact of this. Then cloud was really starting to be a thing and pfff, that's not likely to take off. I mean, who's going to trust someone else to run all of their computing stuff?And at this point, I've learned to stop trying to predict the future because I generally get it 180 degrees wrong, which you know, I can own that. But I'm curious what you saw back when you got into this that made you decide, yeah, cloud has legs. What was that?Rich: I was giving a presentation with this guy, Chris Hoff, a good friend of mine. And Chris and I joined together are individual kind of research threads and were talking about, kind of, “Disruptive Innovation and the Future of Security.” I think that was the title. And we get that at RSA, we gave that at SOURCE Boston, start kind of doing a few sessions on this, and we talked about grid computing.And we were looking at, kind of, the economics of where things were going. And very early, we also realized that on the SaaS side, everybody was already using cloud; they just didn't necessarily know it and they called them Application Service Providers. And then the concepts of cloud in the very early days were becoming compelling. It really hit me the first time I used it.And to give you perspective, I'd spent years, you know, seven years as a Gartner analyst getting hammered with vendors all the time. You can't really test those technologies out because you can never test them in a way that an enterprise would use them. Even if I had a lab, the lab would be garbage; and we know this. I don't trust things coming out of labs because that does not reflect operational realities at enterprise scale. Coming out of Gartner, they train me to be an enterprise guy. You talk about a large company being 200? Large companies start at 3000 to 5000 employees.Corey: Does that map to cloud services the way that AWS expresses? Because EKS, you're going to manage that differently in an enterprise environment—or any other random AWS service; I'm just picking EKS as an example on this. But I can spin up a cluster and see what it's like in 15 minutes, you know, assuming the cluster gets with the program. And it's the same type of thing I would use in an enterprise, but I'm also not experiencing it in the enterprise-like way with the processes and the gating and the large team et cetera, et cetera, et cetera. Do you think it's still a fair comparison at that point?Rich: Yeah, I think it absolutely is. And this is what really blew my mind. 11 or 12 years ago, when I got my first cloud account setup. I realized, oh, my God. And that was, there was no VPC, there was no IAM. It was ephemeral—and—no, we just had EBS was relatively new, and IAM was API only, it wasn't in the console yet.Corey: And the network latency was, we'll charitably call it non-deterministic.Rich: That was the advantage of not running anything at scale, wasn't an issue at the time. But getting the hands-on and being able to build what I could build so quickly and easily and with so little friction, that was mind-blowing. And then for me, the first time I've used security groups I'm like, “Oh, my God, I have the granularity of a host firewall with the manageability of a network firewall?” And then years later, getting much deeper into how AWS networking and all the other pieces were—Corey: And doesn't let it hit the host, which I always thought a firewall that lets—Rich: Yes.Corey: —traffic touch the host is like a seatbelt that lets your face touch the dashboard.Rich: Yeah. The first thing they do, they go in, they're going to change the rules. But you can't do that. It's those layers of defense. And then I'm finding companies in the early days who wanted to put virtual appliances in front of everything. And still do. I had calls last week about that.But those are the things that really changed my mind because all of a sudden, this was what the key was, that I didn't fully realize—and it's kind of something that's evolved into something I call the ‘Grand Unified Theory of Cloud Governance,' these days—but what I realized was those barriers are gone. And there is no way to stop this as people want to build and test and deploy applications because the benefits are going to be too strong. So, grab onto the reins, hold on to the back of the horse, you're going to get dragged away, and it's your choice if your arm gets ripped off in the process or if you're going to be able to ride that thing and at least steer it in the general direction that you need it to go in.Corey: One of the things that really struck me when I started playing around with cloud for more than ten minutes was everything you say is true, but I can also get started today to test out an idea. And most of them don't work, but if something hits, suddenly I don't have the data center constraints, whereas today, I guess you'd call it, I built my experiment MVP on top of a Raspberry Pi and now I have to wait six weeks for Dell to send me something that isn't a piece of crap that I can actually take production traffic on. There's no okay, and I'll throw out the junky hardware and get the good stuff in once you start hitting a point of scale because you're already building on that stuff without the corresponding massive investment of capital to get there.Rich: Yeah well, I mean, look, I lived this, I did a startup that was based on demos at a Blackhat—sorry, at a Blackhat. Blackhat. Did some demos on stage, people were like, “We want your code.” It was about cloud security automation. That led to doing your startup, the thing called DisruptOps, which got acquired, and that's how I ended up at FireMon. So, that's the day job route where I ended up.And what was amazing for that is, to add on to what you said, first of all, the friction was low; once we get the architecture right, scalability is not something we are hugely concerned with, especially because we're CI/CD. Oh, no, we hit limits. Boom, let's just stand up a new version and redirect people over there. Problem solved. And then the ability to, say, run multiple versions of our platform simultaneously? We're doing that right now. We just had to release an entirely free version of it.To do that. It required back-end architectural changes for cost, not for scalability so much, but for a lot around cost and scheduling because our thing was event-driven, we're able to run that and run our other platform fully in parallel, all shared data structures, shared messaging structures. I can't even imagine how hard that would have not been to do in a traditional data center. So, we have a lot of freedom, still have those cost constraints because that's [laugh] your thing, but the experimentation, the ability to integrate things, it's just oh, my God, it's just exciting.Corey: And let's be clear, I, having spent a lot of time as a rat myself in these data centers, I don't regret handing a lot of that responsibility off, just because, let's not kid ourselves, they are better at replacing failed or failing hardware than I will ever be. That's part of the benefit you get from the law of large numbers.Rich: Yeah. I don't want to do all of that stuff, but we're hovering around something that is kind of—all right, so former Gartner analyst means I have a massive ego, and because of that, I like to come up with my own terms for things, so roll with me here. And it's something I'm calling the ‘Grand Unified Theory of Cloud Governance' because you cannot possibly get more egotistical than referring to something as your solution to the biggest problem in all of physics. The idea is, is that cloud, as we have just been discussing, it drops friction and it decentralizes because you don't have to go ask somebody for the network, you don't have to ask somebody for the server. So, all of a sudden, you can build a full application stack without having to call somebody for help. We've just never had that in IT before.And all of our governance structures—and this includes your own costs, as well as security—are built around scarcity. Scarcity of resources, natural choke points that evolved from the data center. Not because it was bad. It wasn't bad. We built these things because that's what we needed for that environment at the data center.Now, we've got cloud and it's this whole new alien technology and it decentralizes. That said, particularly for us on security, you can build your whole application stack, of course, we have completely unified the management interfaces in one place and then we stuck them on the internet, protected with nothing more than a username and password. And if you can put those three things together in your head, you can realize why these are such dramatic changes and so challenging for enterprises, why my kids get to go to Disney a fair bit because we're in demand as security professionals.Corey: What does FireMon do exactly? That's something that I'm not entirely up to speed on, just because please don't take this the wrong way, but I was at RSA this year, and it feels like all the companies sort of blend together as you walk between the different booths. Like, “This is what you should be terrified of today.” And it always turns into a weird sales pitch. Not that that's what you do, but it at some point just blinds me and overloads me as far as dealing with any of the cloud security space.Rich: Oh, I've been going to RSA for 20 years. One of our SEs, I was briefly at our booth—I'm usually in outside meetings—and he goes, “Do you see any fun and interesting?” I go—I just looked at him like I was depressed and I'm like, “I've been to RSA for 20 years. I will never see anything interesting here again. Those days are over.” There's just too much noise and cacophony on that show floor.What do we do? So—Corey: It makes re:Invent's Expo Hall look small.Rich: Yeah. I mean, it's, it's the show over at RSA. And it wasn't always. I mean, it was—it's always been big as long as I've been there, but yeah, it's huge, everyone is there, and they're all saying exactly the same thing. This year, I think the only reason it wasn't all about AI is because they couldn't get the printers to reprint the banners fast enough. Not that anybody has any products that would do anything there. So—you look like you want to say something there.Corey: No, no. I like the approach quite a bit. It's the, everything was about AI this year. It was a hard pivot from trying to sell me a firewall, which it seems like everyone was doing in the previous year. It's kind of wild. I keep saying that there's about a dozen companies that exhibit at RSA. A guess, there are hundreds and hundreds of booths, but it all distills down to the same 12 things. They have different logos and different marketing stories, but it does seem like a lot of stuff is very much just like the booth next to it on both sides.Rich: Yeah. I mean, that's—it's just the nature. And part of—there's a lot of reasons for this. We used to, when I was—so prior to doing the startup thing and then ending up at FireMon, I did Securosis, which was an analyst firm, and we used to do the Securosis guide to RSA every year where we would try and pick the big themes. And the reality is, there's a reason for that.I wrote something once the vendors lied to you because you want them to. It's the most dysfunctional relationship because as customers, you're always asking, “Well, what are you doing for [unintelligible 00:22:16]? What are you doing for zero trust? What are you doing for AI?” When those same customers are still just working on fundamental patch management and firewall management. But it doesn't stop them from asking the questions and the vendors have to have answers because that's just the nature of that part of the world.Corey: I will ask you, over are past 12 years—I have my own thoughts on this, but I want to hear your take on it—what's changed in the world of cloud security?Rich: Everything. I mean, I was one of the first to be doing this.Corey: Oh, is that all?Rich: Yeah. So, there's more people. When I first started, very few people doing it, nobody knew much about it outside AWS, we all knew each other. Now, we've got a community that's developed and there's people that know what they're doing. There's still a shortage of skills, absolutely still a shortage of skills, but we're getting a handle on that, you know? We're getting a bit of a pipeline.And I'd say that's still probably the biggest challenge faced. But what's improved? Well, it's a give-and-take. On one hand, we now have strategies, we have tools that are more helpful, unfortunately—I'll tell you the biggest mistake I made and it ties to the FireMon stuff in my career, in a minute; relates directly to this question, but we're kind of getting there on some of the tool pieces.On the other hand, that complexity is increasing faster. And that's what's made it hard. So, as much as we're getting more skilled people, better at tooling, for example, we kind of know—and we didn't have CloudTrail when I started. We didn't have the fundamental things you need to actually implement security at the start of cloud. Most of those are there; they may not be working the way we wish they always worked, but we've got the pieces to assemble it, depending on which platform you're on. That's probably the biggest change. Now, we need to get into the maturity phase of cloud, and that's going to be much more difficult and time-consuming to kind of get over that hump.Corey: It's easy to wind up saying, “Oh, I saw the future so clearly back then,” but I have to ask, going back 12 years, the path the world would take was far from certain. Did you have doubts?Rich: Like, I had presented with Chris Hoff. We—we're still friends—presented stuff together, and he got a job that was kind of clouding ancillary. And I remember calling him up once and going, “Chris, I don't know what to do.” I was running my little analyst firm—little. We were doing very, very well—I could not get paid to do any work around cloud.People wanted me to write shitty papers on DLP and take customer inquiries on DLP because I had covered that at the Gartner days, and data encryption and those pieces. That was hard. And fortunately, a few things started trickling in. And then it was a flood. It completely changed our business and led to me, you know, eventually going down into the vendor path. But that was a tough day when I hit that point. So, absolutely I knew it was the future. I didn't know if I was going to be able to make a living at it.Corey: It would seem that you did.Rich: Yeah. Worked out pretty well [laugh].Corey: You seem sprightly to me. Good work. You're not on death's door.Rich: No. You know, in fact, the analyst side of it exploded over the years because it turns out, there weren't people who had this experience. So, I could write code to the APIs, but they'll still talk with CEOs and boards of directors around these cloud security issues and frame them in ways that made sense to them. So, that was wonderful. We partnered up with the Cloud Security Alliance, I actually built a bunch of the CSA training, I wrote the current version of the CSA guidance, we're writing the next version of that, did a lot of research with them. They've been a wonderful partner.So, all that went well. Then I got diverted down onto the vendor path. I had this research idea and then it came out, we ended up founding that as a startup and then it got, as I mentioned, acquired by FireMon, which is interesting because FireMon, you asked what we did, it's firewall policy management is the core of the company. Yet the investors realize the company was not going in the right direction necessarily, to deal with the future of cloud. They went to their former CEO and said, “Hey, can you come back”—the founder of the company—“And take this over and start moving us in the right direction?”Well, he happened to be my co-founder at the startup. And so, we kind of came in and took over there. And so, now it's a very interesting position because we have this one cloud-native thing we built for all these years. We made one mistake with that, which I'll talk about which ties back to your predicting the future piece if you want to go into it, but then we have the network firewall piece now extending into hybrid, and we have an asset management moving into the attack surface management space as well. And both of those products have been around for, like, 15-plus years.Corey: No, I'm curious to your thoughts on it because it's been one of those weird areas where there's been so much change and so much evolution, but you also look at today's “OWASP Top 10” list of vulnerabilities, and yeah, they updated a year or so ago, but it still looks basically like things that—from 2008—would have made sense to me when I'm looking at this. Well, insomuch as they do now. I didn't know then, nor do I now what a cross-site scripting attack might be, but other than that, I find that there's, “Oh, you misconfigured something and it winds up causing a problem.” Well, no kidding. Imagine that.Rich: Yeah. Look, the fundamentals don't change, but it's still really easy to screw up.Corey: Oh, having done so a lot, I believe you.Rich: There's a couple of principles, and I'll break it into two sides. One is, a lot of security sounds simple. There's nothing simple at scale. Nothing simple scales. The moment you get up to even 200 employees, everything just becomes ridiculously harder. That's the nature of reality. Simplicity doesn't scale.The other part is even though it's always the same, it's still easy to think you're going to be different this time and you're not going to screw it up, and then you do. For example, so cloud, we were talking about the maturity. I assumed CSPM just wasn't going to be a thing. For real. The Cloud Security Posture Management. Because why would the cloud providers not just make that problem go away and then all the vulnerability assessment vendors and everybody else? It seemed like it was an uninteresting problem.And yet, we were building a cloud security automation thing and we missed the boat because we had everything we needed to be one of the very first CSPM vendors on the market and we're like, “No, no. That problem is going to go away. We'll go there.” And it ties back to what you said, which is it's the same stuff and we just outsmarted ourselves. We thought that people would go further faster. And they don't and they aren't.And that's kind of where we are today. We are dramatically maturing. At the same time, the complexity is increasing dramatically. It's just a huge challenge for skills and staffing to adjust governance programs. Like I think we've got another 10 to 20 years to go on this cloud security thing before we even get close. And then maybe we'll get down to the being bored by the problems. But probably not because AI will ruin us.Corey: I'd like to imagine, on some level, that AI could be that good. I mean, don't get me wrong. It has value and it is transformative for a bunch of things, but I also think a lot of the fear-mongering is more than a little overblown.Rich: No, I agree with you. I'm trying to keep a very close eye on it because—I can't remember if you and I talked about this when we met face-to-face, or… it was somebody at that event—AI is just not just AI. There's different. There's the LLMs, there's the different kinds of technologies that are involved. I mean, we use AI all over the place already.I mean my phone's got it built in to take better pictures. It's a matter of figuring out what the use cases and the, honestly, some of the regulatory structure around it in terms of copyright and everything else. I'm not worried about Clippy turning into Skynet, even though I might make jokes about that on Mastodon, maybe someday there will be some challenges, but no, it's just going to be another tech that we're going to figure out over time. It is disruptive, so we can't ignore that part of it.Corey: I really want to thank you for taking the time to speak with me. If people want to learn more, where's the best place to find you that isn't one of the Disney parks?Rich: That really is kind of the best place to find—no. So, these days, I do technically still have a Twitter presence at @rmogull. I'm not on there much, but I will get DMs if people send those over. I'm more on Mastodon. It's at @rmogull defcon.social. I write over at FireMon these days, as well as occasionally still over Securosis, on those blogs. And I'm in the [Cloud Security Slack community 00:30:49] that is now under the banner for CloudSec. That's probably the best place if you want to hit me up and get quick answers on anything.Corey: And I will, of course, include links to all of that in the show notes. Thank you so much for taking the time to speak with me today. I really appreciate it.Rich: Thanks, Corey. I was so happy to be here.Corey: Rich Mogull, SVP of Cloud Security at FireMon. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment talking about how at Dell these days, it does not take six weeks to ship a server. And then I will get back to you in six to eight weeks.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

In this episode of the Used Car Dealer Podcast, Zach is joined by Jeff Martin, CEO of NIADA, for a preview of the upcoming NIADA Convention 2023, they touch on key topics like regulatory compliance, overcoming used industry challenges, building stronger dealerships, and networking with federal agencies.Some of the questions asked include:Q) Why should someone think about attending the NIADA Convention this year?Q) Who should be brought from the dealership to this event? General manager, finance manager, who else should attend?Q) How long have you been involved with NIADA and attending their conventions?Q) What is different about this year's expo for dealers?Q) What can dealers expect to gain from the convention and Expo that will help them create a near immediate positive impact at their dealership?Q) Could you tell us a little more about what else attendees can expect from NIADA and the Expo Hall?Q) What excites you about the outlook for the used car marketplace this year?Q) What are some other events in 2023 that NIADA puts on?Q) If a dealer is listening and they're not yet a member of the NIADA, why should they join?Q) How do they sign up for their pass to go to NIADA?Listen to our other podcast episodes: https://www.sellyautomotive.com/podcastTranscribe of this podcast - https://blog.sellyautomotive.com/blog/jeffm/may2023

On this week's Block Party, Greg Wolf and Braydon Coburn are joined by the first Tampa Bay Lightning Head Coach, Terry Crisp, to talk about the first years with the Tampa Bay Lightning, his relationship with Phil Esposito including outscoring him in Juniors, playing in Expo Hall, playoff games in the Thunderdome, changes in the game today and curfew stories.

WATCHING TY INTRODUCE ANDREA MARTIN (REGIONAL SALES MANAGER, CALLREVU) TO DANA RANDAZZO (CHIEF OPERATING OFFICER, AUTO HAULER EXCHANGE) DURING OUR LIVE STREAM AT DIGITAL DEALER EXEMPLIFIES TRADE SHOW BUSINESS NETWORKING. This is a special event on ATI.

In this Medical Spa Show edition of Medical Spa Insider's Member Spotlight series, AmSpa's Membership Relationship Development Specialist Michela Bailey sits down with Lindsay Perkins, FNP-C, APRN, MSN, of Spa Trouvé; Cameron Moskos, PA-C and her team from Cameo Facial Aesthetics; and Ally Rucker, NP, of Spa Trouvé. Bailey hears about their Vegas and MSS experiences, covering: Their travel skin care lineup; The people, support and empowerment at MSS; Dinner reservations and entertainment in Vegas; Free samples and noteworthy booths at the Expo Hall; Favorite education tracks and the compliance factor; This year's Opening Night Party; And much more! Note: Episode may include explicit language.

In Episode 2 of Lightning Lore, Paul Kennedy talks with Tampa Bay Lightning Founders Phil Esposito and Henry Paul about staging an exhibition game at the ThunderDome and how they ended up playing their 1st season at Expo Hall.

In this Medical Spa Show edition of Medical Spa Insider's Member Spotlight series, AmSpa's Membership Relationship Development Specialist Michela Bailey sits down with Brandon Mullen, BSN, RN-BC, of Aiyana Atelier, Neekan Rivera, PA, of Aere Aesthetic, and Brandy Thompson, APRN-BC, of Prescription Beauty Medical Aesthetics. Bailey learns about their MSS experience, plus: Their dedication to skin care while traveling; How they spend their time in Vegas; What keeps them coming back to Medical Spa Show; Standout vendors in the Expo Hall; How fast the industry is growing; And more! Note: Episode may include explicit language.

Stephanie Brown, President of VAGP 2023, talks about the great event underway and priorities for the organization.

Welcome to the sixth episode of the Scrap Time Podcast! In this episode Ben Nissim and FaZe Crowder discuss Toronto Ultra winning Major 3 and the possibility of OpTic Texas winning a Major this year. You can expect to see new podcast episodes once a week moving forward on both YouTube and all audio platforms. Tweet Ben or Coach Crowder with any topics or suggestions for the podcast moving forward. You're feedback is always appreciated in making the experience better! Timestamps: (0:00) Major 3 Impressions - Crowd Noise, Expo Hall and Flank Setup (13:21) How to Improve Major Tournaments (29:14) Atlanta FaZe - Respawn Struggles (39:38) Toronto Ultra - Best Control Team, Scrappy MVP (50:48) OpTic Texas - 9 HP Win Streak, Lost Both HP's in Finals (1:03:16) London Royal Ravens - PaulEhx Replaced, Can They Stay Competitive (1:09:21) Boston Breach - How Can They Make a Final (1:20:39) New York Subliners - Hot and Cold Team, Other Teams Caught Up (1:29:14) LA Thieves - What Happened This Weekend (1:37:05) Seattle Surge - Tough G5R11 Loss vs Faze, Will They Still Be a Contender (1:48:07) Minnesota ROKKR - 0 Points This Split, Players Not Trying (2:04:01) Las Vegas Legion, LA Guerrillas, Florida Mutineers (2:17:23) Chat Q&A Follow The Hosts: Ben Nissim FaZe Crowder Watch Full Episodes: Scrap Time Podcast (YouTube)

Vendor relationships can be purely transactional, but the really high-value ones work more like partnerships. That's certainly what Bob Fisher, president and CEO of Tioga State Bank in Spencer, N.Y., found when his bank hired cybersecurity fintech Beauceron Security of New Brunswick, Canada. Beauceron cofounder and CEO David Shipley wants his company to be seen as a “worthy investment of time, effort and capital”—and it achieves this by treating clients like Tioga State Bank not as numbers but as true partners. As well as discussing the ins and outs of their partnership, including how ICBA's ThinkTECH Accelerator led them to each other, Fisher and Shipley offer tips for other community banks that want to forge or strengthen their own fintech relationships. This episode is sponsored by Finastra.  Links If you're joining your fellow community bankers at ICBA LIVE in Hawaii on March 12, 2023, check out the ICBA ThinkTECH Alumni Showcase on Sunday, March 12 at 8:30am, or stop by the Expo Hall on Sunday or Monday to catch up with Accelerator alumni like Beauceron Security. Lastly, you'll find stories of fintech collaboration in our monthly magazine, also called Independent Banker.    

Inside Startup Battlefield is back in our feed with episode three. There are 180 companies solving crucial problems that didn't make it to the Disrupt stage, but that doesn't mean they're making any less of an impact. TechCrunch writers Devin Coldewey and Harri Weber take us on a walk through the Expo Hall and let us listen into their conversations with a handful of the most interesting companies in the Battlefield 200.New episodes of Inside Startup Battlefield drop every Monday. Be sure to check out all of the other podcasts in the TechCrunch Podcast Network: Found, Equity, The TechCrunch Podcast, Chain Reaction and The TechCrunch Live Podcast.

Inside Startup Battlefield is back in our feed with episode three. There are 180 companies solving crucial problems that didn't make it to the Disrupt stage, but that doesn't mean they're making any less of an impact. TechCrunch writers Devin Coldewey and Harri Weber take us on a walk through the Expo Hall and let us listen into their conversations with a handful of the most interesting companies in the Battlefield 200.New episodes of Inside Startup Battlefield drop every Monday. Be sure to check out all of the other podcasts in the TechCrunch Podcast Network: Found, Equity, The TechCrunch Podcast, Chain Reaction and The TechCrunch Live Podcast.

Inside Startup Battlefield is back in our feed with episode three. There are 180 companies solving crucial problems that didn't make it to the Disrupt stage, but that doesn't mean they're making any less of an impact. TechCrunch writers Devin Coldewey and Harri Weber take us on a walk through the Expo Hall and let us listen into their conversations with a handful of the most interesting companies in the Battlefield 200.New episodes of Inside Startup Battlefield drop every Monday. Be sure to check out all of the other podcasts in the TechCrunch Podcast Network: Found, Equity, The TechCrunch Podcast, Chain Reaction and The TechCrunch Live Podcast.

 There are 180 companies solving crucial problems that didn't make it to the Disrupt stage, but that doesn't mean they're making any less of an impact. TechCrunch writers Devin Coldewey and Harri Weber take us on a walk through the Expo Hall and let us listen into their conversations with a handful of the most interesting companies in the Battlefield 200.New episodes of Inside Startup Battlefield drop every Monday. Be sure to check out all of the other podcasts in the TechCrunch Podcast Network: Found, Equity, The TechCrunch Podcast, Chain Reaction and The TechCrunch Live Podcast.

Will Bachman and Caribou Honig, a member of Harvard and Radcliffe's class of 1992, had a conversation about Caribou's journey since graduating. Caribou graduated from the University of Virginia with a JD MBA and got his first and only real job at Capital One. During his tenure, he met his soon to be wife and had a couple of kids. In 2006, Caribou left Capital One and took a year off to spend time with his family. He then co-founded a boutique venture capital firm and launched a couple of industry tech conferences. Hosting a Successful Conference Caribou was not expecting to be in the conference business, yet he found himself creating an industry tech conference. He began to focus on the subsector insure tech around 2015 and was looking for a good industry conference to attend. He couldn't find one to his liking so he decided to create his own and has since been running the conference successfully.  He explains how he created the world's largest Insurer Tech conference. With a partner, he launched the Insurer Tech Connect conference, which became a large success. Subsequently, they launched Transform, a conference focused on the impact of technology on the workplace. This year, they are launching other conferences such as Prop Tech, Logistics Tech, Food, and Ag Tech. Caribou shared that the process of creation was exciting and interesting for him. They lined up the venue and dates for the conference, which was held at the Las Vegas Convention Center. Tactics for a Successful Conference Caribou talks about how they organized and promoted a successful Insurtech conference in Las Vegas. They booked the Las Vegas Convention Center, set a goal of 600-1000 attendees, and ended up with 1500. They created a one-page PDF to explain the event and sent it to potential attendees and key speakers. They also asked venture capitalists to promote the event and offer discounts to their portfolio companies. In the end, the conference was a success, and it was gratifying to see 1000 people having conversations and networking. He was a VC at a conference that wanted to make it easier for people to meet and double opt-in to meetings. To do this, they created an app where people could see who else was attending, what they were interested in, and describe what they were looking for. In addition, they had flags at tables with numbers so that when people double opted-in to meetings they knew exactly where to meet at what time. However, they had more people than they had tables and flags, so they had to make do with tape on the floor and numbered squares. In the end, the solution worked and people appreciated the simple social engineering. Events for Venture Capitalists Will asks what makes the event great for a VC, and how that could be different from what other stakeholders like an entrepreneur might value. Caribou explains that vendors can be a difficult stakeholder to work with because they often come to events with the intention of making a sale. This does not align with the investor mindset, so vendors can sometimes get frustrated when they are not able to get on stage. The conversation highlights the tension between creating an event that is tailored to the needs of the VC and the needs of other stakeholders. The conversation discusses the post-COVID period, how people are now more eager to attend events, and that people are cutting back on attending certain events. Caribou suggests that certain categories of people, such as entrepreneurs gearing up to fundraise, can benefit from attending such events. Prequalifying People for a Conference Caribou and Will  discuss how to prequalify people for a conference. Caribou explains that they would not prohibit people from buying tickets and attending, as it would be exceptional and bad behavior. However, they need to curate what's on stage, so if a company is uninteresting to them, they won't be onstage. They are open to the idea of companies paying for space in the Expo Hall. Pay-to-play on stage is something they avoid, as it cheapens the quality of the product. The events are all held in Vegas, as it is neutral territory, has great logistics, and it is difficult for people to just pop in and out. This ensures all attendees get the most out of the event. Timestamps: 07:28 Planning a Successful Conference Event  11:46 Leveraging Word of Mouth and Earned Media for Event Promotion  14:11 Designing a Networking Event  15:57 VC Matchmaking at Honig Caribou Conference  19:58 Designing Events for VCs and Other Stakeholders  26:24 Social Engineering Design Insights: Bringing in Name Brand Artists to Increase Attendance  29:11 The Economics of Running a Conference  32:47 Impact of COVID-19 on B2B Trade Marketing and InsureTech Connect Conference  40:05 Prequalifying Attendees and Benefits of Hosting Events in Las Vegas  52:28 Investing in Innovative Companies and Harvard Courses  54:19 Overcoming Challenges in Physics Math Class  Links: Website: sempervirensvc.com  CONTACT INFO: linkedin.com/in/caribou Twitter: @caribou101

About PetePete is currently the Head of Growth And Community for AppMap, the open source dynamic runtime code analyzer. Pete also works with early stage startups, helping them navigate the complex world of early stage new product development.Pete also fully acknowledges his profile pic is slightly out of date, but has been too lazy to update it to reflect current hair growth trends.Links:AppMap: https://appmap.io/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: If you asked me to rank which cloud provider has the best developer experience, I'd be hard-pressed to choose a platform that isn't Google Cloud. Their developer experience is unparalleled and, in the early stages of building something great, that translates directly into velocity. Try it yourself with the Google for Startups Cloud Program over at cloud.google.com/startup. It'll give you up to $100k a year for each of the first two years in Google Cloud credits for companies that range from bootstrapped all the way on up to Series A. Go build something, and then tell me about it. My thanks to Google Cloud for sponsoring this ridiculous podcast.Corey: Cloud native just means you've got more components or microservices than anyone (even a mythical 10x engineer) can keep track of. With OpsLevel, you can build a catalog in minutes and forget needing that mythical 10x engineer. Now, you'll have a 10x service catalog to accompany your 10x service count. Visit OpsLevel.com to learn how easy it is to build and manage your service catalog. Connect to your git provider and you're off to the races with service import, repo ownership, tech docs, and more. Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn and this is probably my favorite recurring episode slash tradition, every year. I drag Pete Cheslock on who talks with me about his experience at re:Invent. Last year, Pete, you didn't go. The year before, none of us went because it was all virtual, but it feels like we're finally getting back into the swing of things. How are you, Pete?Pete: I am doing great. It is always a pleasure. It was amazing to see other humans in person at a industry event. As weird as it sounds to say that, you know, it was great to be in Vegas [laugh], it was mostly great, just because there were other humans there too that I wanted to see.Corey: Because this is going to confuse folks who haven't been following our various adventures, these days, you are the Head of Growth and Community at AppMap. But you and I have been talking for years and you did a stint working at The Duckbill Group here with us as a cloud economist. Ah, I miss those days. It was fun working with you and being able to bother you every day as opposed to just on special occasions like this.Pete: Yeah, I know. I got to slide into your Slack DMs in addition, and then when I didn't get a response, I would slide into your Twitter DMs. It worked out perfectly. So yeah, it's been a wild ride. I mean, I took an interlude from my startup journey by continually working at tech startups.And yeah, I got to join onboard the Duckbill and have, you know, a really wonderful time cutting bills and diving into all of the amazing parts of people's Amazon usage. But I am also equally broken in my brain, and continually said to myself, “Maybe I'll do another startup.” [laugh].Corey: Right. And it turns out that we're not a startup. Everyone likes to think we are. It's like, oh, okay—like Amazon, for example, has us historically in their startup division as far as how they—the buckets as they put different accounts into. And if you look at us through that lens, it's yeah, we're a specific kind of startups, specifically a failing startup—or failed—because to us growth is maybe we'll hire one or two people next year, as opposed to, “Oh, yeah, we're going to TEDx this place.” No, yeah, we're building a lifestyle business very much by design.Pete: I'd be very curious how many account managers actually Duckbill has kind of churned through because usually, you get to keep your account manager if you're growing at a pretty incredible clip. And it's kind of a bellwether for, like, how fast are we—are we growing so fast that we have kept our account manager for multiple years?Corey: Your timing is apt. We're a six-year-old company and I just met our fourth account manager last week.Pete: [laugh].Corey: No it's, honestly, what happens with AWS account managers is the only way you get to keep them is if your spend trajectory on AWS matches their career trajectory inside of AWS. Because if you outpace them, they'll give you to someone that they view as being more senior, whereas if they outpace you, they're going to stop dealing with the small accounts and move on to the bigger ones. Honestly, at this point, I've mostly stopped dealing with my account managers. I had one that was just spectacular. It was sad to see him get promoted; good for him.But I get tired of trying to explain the lunacy that is me to someone on the AWS side every year. It just doesn't make sense because my accounts are super weird and when they try and suggest the usual things that work for 99.995% of AWS customers and things they care about, it falls to custard when it comes to me specifically. And that's not on them; it's because I'm weird and broken.Pete: I'm remembering now one of the best account managers that I ever worked with at a startup, years and years ago. She was with us for a couple of years, pretty solidly. And then, you know, because careers are long and jobs are short, when I was at The Duckbill Group again, doing work, turns out she was the account manager on this other thing, you know? Which, like, looking at the company she was account manager for was like 500x [laugh] my previous company, so I was like, “Oh, yeah. You're clearly moving up in the world because my company did not 500x.” So, sometimes you got to chase the ones who are.Corey: So, let's talk about re:Invent. This felt like the first re:Invent post-pandemic. And let's be clear, I wound up getting Covid by the end, so I don't recommend that to everyone. But let's be clear, this was not a re:Invent were anyone officially accepted that Covid existed. I was one of the only people wearing masks to most of the events I was at. Great load of good that did me.But it was big. It was the usual sixty-some-odd-thousand people that had been in previous years, as opposed to the hard cap of 30 or so that they had last year so it felt smaller and more accessible. Nope. Right back to bizarre numbers of people. But fewer sponsors than most years, so it felt like their budget was severely constrained. And they were trying to have not as many sponsors, but still an overwhelming crush of attendees. It felt odd, but definitely very large scale.Pete: Yeah, I can echo that a hundred percent. I'm sure we've talked about this in previous ones, but I've had the pleasure—well, I don't know, some might call it not a pleasure, but it's been a pleasure to watch re:Invent grow over so many years. I went to the first re:Invent. A company I was at actually sponsored it. And remembering back to that first re:Invent, it was kind of quaint by comparison.There were 4000 people at the first re:Invent, which again, it's a big conference, especially when a lot of the conferences that I think I was really attending at the time were like, you know, 600, 1000, maybe tops. To go to a 4000-person event in Vegas especially, it's again, in the same Expo Hall it's been since that first one, it still felt big. But every person stayed in the Venetian. Pretty much everyone was in the same hotel, all of the attendees that year. All the talks were there.There was, you know, a lot [laugh]—I mean, a lot less of everything that was there. And so, watching it grow over time, not only as a sponsor because I've actually been—kind of worked re:Invent as a, like, a booth person for many of these years for multiple different sponsors and had to coordinate that aspect of it, but then also a couple of times just being more, like, attendee, right, just someone who could go and kind of consume the content. This year was more on the side of being more of an attendee where I got to just kind of experience the Expo Hall. You know, I actually spent a lot of time in the Expo Hall because a big part of why I was there was—Corey: To get t-shirts.Pete: Yeah, we'll get to—I was running low on not only t-shirts but socks. My socks were really worse for wear the last few years. I had to, like, re-up that, right [laugh]?Corey: Yeah, you look around. It's like, “Well, none of you people have, like, logoed pants? What's the deal here? Like, I have to actually buy those myself. I don't—I'm not here to spend money.”Pete: Yeah, I know. So. And so yeah, this year, it felt—it was like Covid wasn't a thing. It wasn't in anyone's mind. Just walking around—Vegas in general, obviously, it's kind of in its own little bubble, but, you know, I've been to other events this year that were much more controlled and had a lot more cautious attendees and this was definitely not like that at all. It felt very much, like the last one I was at. The last one I was at was 2019 and it was a big huge event with probably 50,000-plus people. And this one felt like to me at least, attendee-wise, it definitely felt bigger than that one in a lot of ways.Corey: I think that when all is said and done, it was a good event, but it wasn't necessarily what a lot of folks were expecting. What was your take on the content and how the week played out?Pete: Yeah, so I do, in many ways, kind of miss [laugh] the event of yore that was a little bit more of a targeted, focused event. And I understand that it will never be that kind of event anymore. Maybe they start splitting it off to be, you know, there's—just felt much more like a builder event in previous years. The content in the keynotes, you know, the big keynotes and things like that would be far more, these big, iterative improvements to the cloud. That's something that always felt kind of amazing to see. I mean, for years and years, it was like, “Who's ready for another re:Invent price drop?” Right? It was all about, like, what's the next big price drop going to be?Corey: Was it though because I never was approaching with an eye toward, “Oh, great. What are they going to cut prices on now?” That feels like the least interesting things that ever came out of re:Invent, at least for me. It's, what are they doing architecturally that lets me save money, yes. Or at least do something interesting architecturally, great. I didn't see Lambda when it first came out, for example, as a cost opportunity, although, of course, it became one. I saw it as this is a neat capability that I'm looking forward to exploring.Pete: Yeah, and I think that's what was really cool about some of those early ones is these, like, big things would get released. Like, Lambda was a big thing that got released. There was just these larger types of services coming out. And I think it's one of your quotes, right? Like, there's a service for everyone, but every service isn't for everyone.Corey: Yeah.Pete: And I feel like, you know, again, years ago, looking back, it felt like more of the services were more geared towards the operational, the early adopters of Amazon, a lot of those services was for those people. And it makes sense. They got to spread out further, they've got to have kind of a wider reach to grow into all of these different areas. And so, when they come out with things that, yeah, to me, I'm like, “This is ridiculous feature. Who would ever use this?” Like, there's probably a dozen other people at different companies that are obscenely excited because they're at some enterprise that has been ignored for years and now finally they're getting the exact tooling that they need, right?Corey: That made sense for a long time. I think that now, the idea that we're going to go and see an Andy Jassy-era style feature drop of, “Here's five new databases and a whole new compute platform and 17,000 more ways to run containers,” is not necessarily what is good for the platform, certainly not good for customers. I think that we're seeing an era of consolidation where, okay, you have all these services to do a thing. How do I pick which one to use? How do I get onto a golden path that I can also deviate from without having to rebuild everything? That's where customers seem to be. And it feels like AWS has been relatively slow to acknowledge or embrace that to me.Pete: Yeah, a lot of the services, you know, are services they're probably building for just their own internal purposes, as well. You know, I know, they are for a while very motivated to get off anything Oracle-related, so they started building these services that would help migrate, you know, away from Oracle because they were trying to do it themselves. But also, it's like, there's still—I mean, I talk with friends of mine who have worked at Amazon for many years and I'm always fascinated by how excited they are still to be there because they're operating at a scale that just doesn't exist anywhere else, right? It's like, they're off on their lone island that go into work somewhere else is almost going backwards because you've already solved problems at this lower level of scale. That's obviously not what you want to be doing anymore.And at the scale that they're at for some of these services, even like the core services, the small improvements they're making, they seem so simple and basic, like a tiny EBS improvement, you're like, “Ugh, that's so boring.” But at their level of scale for, like, something like an EBS, like one of those top five services, the impact of that tiny little change is probably even so amazingly impactful. Like it's just so huge [laugh], you know, inside that scope of the business that is just—that's what—if you really start pulling the thread, you're like, “Wow, actually, that is a massive improvement.” It just doesn't feel that way because it's just oh, it's just this tiny little thing [laugh]. It's like, just almost—it's too simple. It's too simple to be complex, except at massive scale.Corey: Exactly. The big problem I ran into is, I should have noticed it last year, but it was Adam Selipsky's first re:Invent and I didn't want to draw too many conclusions on it, but now we have enough dots to make a line—specifically two—where he is not going to do the Andy Jassy thing of getting on stage and reading off of a giant 200 item list of new feature and service announcements, which in AWS parlance, are invariably the same thing, and they wind up rolling all of that out. And me planning my content schedule for re:Quinnvent around that was a mistake. I had to cancel a last-minute rebuttal to his keynote because there was so little there of any substance that all would have been a half-hour-long personal attack and I try not to do that.Pete: Mmm. Yeah, the online discussion, I feel like, around the keynote was really, like, lackluster. It was yeah, like you said, very devoid of… not value; it's not really the right word, but just substance and heft to it. And maybe, look, we were just blessed with many, many years of these dense, really, really dense, full keynotes that were yeah, just massive feature drops, where here's a thing and here's a thing, and it was almost that, like, Apple-esque style kind of keynote where it was like, we're just going to bombard you with so many amazing things that kind of is in a cohesive storyline. I think that's the thing that they were always very good about in the past was having a cohesive story to tell about all of these crazy features.All of these features that they were just coming out with at this incredible velocity, they could weave the story around it. And you felt like, yeah, keynote was whatever hour, two hours long, but it would go by—it always felt like it would go by quickly because they were just they had down kind of really tight messaging and kept your attention the whole way through because you were kind of like, “Well, what's next? There's always—there's more. There's got to be more.” And there would be, right? There would be that payoff.Corey: I'm glad that they recognized that what got them here won't get them there, but I do wish that they had done a better job of signaling that to us in more effective ways. Does that make any sense?Pete: Yeah, that's an interesting… it's kind of an interesting thought exercise. I mean, you kind of mentioned before earlier, before we started recording, the CMO job is still available, it's still open [laugh] at AWS. So, if this was a good way to attract a top-tier CMO, I'd almost feel like if you were that person to come in and be like, “Hey, this did not work. Here are the following reasons and here's what you need to do to improve it.” Like, you might have a pretty solid shot of landing that role [laugh].Corey: Yeah, I'm not trying to make people feel intentionally bad over it. This stuff is very hard, particularly at scale. The problem I had with his keynote was not in fact that he was a bad speaker, far from it. He was good a year ago, he's clearly put work and energy into becoming better over the past year. From a technical analysis of how is Adam Selipsky as a public speaker, straight A's as far as I'm concerned, and I spent a lot of time focusing on this stuff myself as a professional speaker myself. I have no problems with how he wound up delivering any of the content. My problem was with the content itself. It feels like he was let down by the content team.Pete: Yeah, it definitely felt not as dense or as rich as we had come to expect in previous years. I don't think it was that the content didn't exist. It's not like they didn't build just as much, if not way, way more than they have in previous years. It just seemed to just not be part of the talk.I don't know. I always kind of wonder, too, is this just an audience thing? Which is, like, maybe I'm just not the audience for his talk, right? Was there someone else in that Expo Hall, someone else watching the stream, that was just kept on the edge of their seat hearing these stories? I don't know. I'm really kind of curious. Like, you know, are we only representing this one slice of the pie, basically?Corey: I think part of the problem is that re:Invent has grown so big, that it doesn't know what it wants to be anymore. Is it a sales event? By the size of the Expo Hall, yeah, it kind of is. Is it a partner expo where they talk about how they're going to milk various companies? Possibly. There's certainly one of those going on.There was an analyst summit that I attended for a number of days during re:Invent this year. They have a whole separate thing for press. The community has always been a thriving component of re:Invent, at least for me, and seeing those folks is always terrific. Is it supposed to be where they dump a whole bunch of features and roadmap information? Is it time for them to wind up having executive meetings with their customers? It tries to be all of those things and as a result, at this scale it feels like it is failing to be any of them, at least in an effective, cohesive way.Pete: Yeah, and you really nailed each of the personas, like, of a re:Invent attendee. I've talked to many people who are considering going to re:Invent, and they're, “I don't really know if I want to go, but I really want to go to some sessions, and I really want to do this.” And I always have to kind of push back and say, “Look, if you're only going there to attend talks,” like, just don't bother, right? As everyone knows, the talks are all recorded, you can watch them later. I did have conversations with some engineer, principal engineer level software folks that were there and the prevailing consensus from chatting with those folks, kind of anecdotally, is that, like, they had actually a lot of struggles even getting into some of these sessions, which for anyone who has been to re:Invent in the last, I don't know, four or five years, like, it's still a challenge, right?There's—you got to register for a lot of these talks way far in advance, there'll be a standby list, there'll be a standby line. It's a lot of a lot. And so, there's not usually a ton of value there. And so, I always try to say, like, “If you're going to re:Invent your, kind of, main purpose to go would be more for networking,” or just you're going because of the human interaction that you hope to get out of it, right, the high bandwidth conversations that are really hard to do in other areas. And I think you've nailed a bunch of those, right? Like, an analyst briefing is really efficient if you can get all the analysts in a room versus doing one-off analyst meetings.Meeting with big enterprises and hearing their thoughts and feelings and needs and requirements, you can get a lot of those conversations. And especially, too, if, like, talking to an enterprise and they got a dozen people all spread over the world, well you can get them all in one room, like, that's pretty amazing in this world. And then on the sales side, I feel like granted, I spent most of my time in the Expo Hall, but that was probably the area that I think you said earlier which I really picked up on, which was the balance between sponsors and attendees felt out of whack. Like it felt like there were way more attendees than the sponsors that I would have kind of expect to see.Now, there were a lot of sponsors on that Expo Hall and it took days. I mean, I was on the Expo Hall for days walking around and chatting with different companies and people. But one of the things that I saw that I have never seen before was a number of sponsorship booths, right—and these are booths that are, like, prebuilt, ten by ten-foot size or the smaller ones—that were blanks. They were like, you know, like, in a low-quality car where you have blank buttons that, like, if you paid more you get that feature. Walking around, there was a nonzero number of just straight-up empty booth, blank booths around which, I don't know, like, that felt kind of telling. Like, did they not sell all their sponsorships? Has that ever happened? I don't even know. But this was I felt like the first I've had—Corey: Or did companies buy the sponsorship and then realize that it was so expensive to go on top of it, throwing bad money after good might not have made sense. Because again, when people—Pete: Right.Corey: —brought out these sponsorships, in many cases, it was in the very early days of the growing recession we've seen now. And they may have been more optimistic, their circumstances may certainly have changed. I do know that pricing for re:Invent sponsorships was lower this past year than it had been in previous years. In 2019, for example, they had two Expo Halls, one at the ARIA Quad and the other at the Venetian. They had just one this year, which made less running around on my part, but still.Pete: Yeah, I do remember that, that they had so many sponsors. What I would say about the sponsors that there's two parts of this that were actually interesting. One, you're definitely right. As someone who has sponsored re:Invent before and has had to navigate that world, you are likely going to commit to the sponsorship as early as June, you know, could even be earlier than June depending on how big of a thing that you're doing. But it's early. It's usually in the summertime that you're—if you haven't made a decision by the summertime, like, you could actually not get a booth, right?And this was, I remember, the last one that I had sponsored was maybe 2018, 2019. And, like, you don't want those last few booths. Like, they put you in the back and not a good way. But going there, were a lot of—I did notice a lot of booths that had pretty massive layoffs who still had the booths, you know, and again, large booths, large companies, which again, same thing. I kind of am like, “Wow, like, how many employees did that booth cost you, right?”Because like [laugh], some of these booths are hundreds of thousands of dollars to sponsor. And then the other thing that I actually noticed, too, which I was honestly a little surprised by, with the exception of the Datadog booth; I love my friends at Datadog, they have the most amazingly aggressive booth BDRs who are always just, they'll get you if you're, like, hovering near them. And there's always someone to talk to over there. Like, they staff it really, really well. But there were some other booths that I was actually really interested in talking to some of the people to learn about their technology, that I actually waited to talk to someone. Like, I waited for someone to talk to, and then finally I'm like, “You know what? I'm going to come back.”And then I came back and waited again. So, it's like, how many of these sponsors obviously spent a lot of money to go there, then months later, they start looking at the people that they have to support this, they've already had some layoffs and probably sent a much smaller audience there to actually, like, operate the booth.Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate. Is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other; which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at honeycomb.io/screaminginthecloud. Observability: it's more than just hipster monitoring.Corey: One bright light that I did enjoy and I always enjoy, though I'm not certain how actionable it is in the direct sense, was Peter DeSantis' Monday Night Live keynote. It was great. I mean, the one criticism I had of it—on Twitter at the time, before that thing melted and exploded—was that it was a bit mislabeled because it really should have been what it turned into midway through of surprise computer science lecture with Professor DeSantis. And I was totally there for it. But it was fun just watching some of the deep magic that makes this all work be presented in a way that most of us normally don't get to see.Pete: Well, this was the first year they did not do their Midnight Madness over-the-top kind of thing. And I also I don't recall that I saw them doing one of the other things I feel like is at night is they're, like, giant wing-eating competition. Am I wrong? Did they do that this year and I just missed hearing about it?Corey: They did not. Turns out that competitive Gluttony is not as compelling as it once was. But they also canceled their Midnight Madness event a month or two before re:Invent itself. What was super weird to me was that there was no event—community or otherwise—that sprung forth to seize that mantle. So, you had a whole bunch of people who were used to going for several hours that night to a big event with nothing to do.And at 9 p.m. they started just dumping a whole bunch of service releases in their blog and RSS feeds and the rest, and it just felt very weird and discordant. Like, do they think that we have nothing better to do than sit here and read through this on a Sunday night where we would have otherwise been at a party? Well yeah, in my case, I'm super sad and of course, I had nothing better to do that night. But most people had things going on.Pete: Yeah. Yeah, exactly. I think also, if you—maybe it's a little bit better now but I don't know when you have to buy that many chicken wings in advance, but with supply chains being what they are and the cost of chicken wings, I mean, not that I track the cost of chicken wings, except I absolutely do every time I go to Costco, they're up substantially. So, that was probably a contributing factor to the wing-eating contest: supply chain pain and suffering. But yeah, it's really interesting that just even in what some of the sponsors kind of were doing this year over previous years, I doubt they did this in 2021—but maybe, I don't know—but definitely not in 2019, something that I don't recall to this level was the sponsors essentially booking out entire restaurants near the venue every single day of the conference.And so again, if you were at this event like we were, and you at the end of the thing, were just like, I just want to sit and I've got a handful of friends, I want to sit and, like, have a drink, and just, like, chat and catch up and hear how the day went and everything else, finding a place to actually go to do that was very, very hard to do. And the thing that I noticed was—again, seemed like it was new this year; I don't recall it in 2019 to this level is, there were a lot of the big sponsors that had just booked a whole restaurant, breakfast, lunch, and dinner, like, from open to close, fully booked it, which was honestly, brilliant.Corey: Oh, yeah. If you bring 200, 300 people to an event, you've got to feed him somehow. And, “Hey, can we just rent out your restaurant for the entirety of this week?” Is not out of the question compared to what you'd even spend just reimbursing that sea of people to go and eat somewhere else.Pete: Exactly. The reason—I'm approaching this from, like, a business perspective—if I had a large group of enterprise salespeople and they need a place to book meetings, well, it's super compelling if I'm being courted by one of these salespeople and they're like, “Hey, come and have breakfast. Come and grab a coffee.” You know, and there's a place where you can sit down and quietly enjoy that meal or coffee while having a sale. Like, I'll have that sales conversation and I'm going to be way more motivated to show up to it because you're telling me it's like, this is where we're going to meet.Versus some of my friends were trying to, like, coordinate a lunch or a coffee and it's like, do we want to go to the Starbucks that has 500 people in line or do we want to walk four hotels, you know, down the street to find a bar that has video poker that no one will be sitting at and that we can just sit down and talk, right? It kind of felt like those were your two options.Corey: One thing that MongoDB did is rented out the Sugarcane restaurant. And they did this a couple of years in a row and they wound up effectively making it available to community leaders, heroes, and whatnot, for meetings or just a place to sit down and catch your breath. And I think that was a brilliant approach. You've gone to the trouble of setting this thing up for meetings for your execs and whatnot. Why not broaden it out?You can't necessarily do it for everyone, for obvious reasons, but it was nice to just reach out to folks in your orbit and say, “Yeah, this is something available to you.” I thought that was genius. And I—Pete: Oh yeah.Corey: —wish I thought of doing something like that. Let's be clear. I also wish I had rent-out-Sugarcane-for-a-week budget. But you know—Pete: [laugh].Corey: —we take what we can get.Pete: Yeah. That'll be a slight increase to the Spite Budget to support that move.Corey: Just a skosh, yeah.Pete: Yeah, the MongoDB, they were one that I do remember had done it similarly. I don't know if they had done it, kind of, full-time before, but a friend of mine work there, had invited me over and said, “Hey, like, come by, let's grab a drink. You know, we've got this hotel, you know, this restaurant kind of booked out.” And that was back in 2019. Really enjoyed it.And yeah, I noticed it was like, you know, basically, they had this area available, again, a place to sit down, to open your laptop, to respond to some emails, making it available to community people should have been a no-brainer to, really, all of these other sponsors that may have times of less kind of attendance, right? So obviously, at any of the big meals, maybe that's when you can't make it available for all the people you want to, but there's going to be off hours in between times that making that available and offering that up generates a supreme amount of goodwill, you know, in the community because you know, you're just looking for a place to sit out and drink some water [laugh].Corey: Yeah, that was one challenge that I saw across the board. There were very few places to just sit and work on something. And I'm not talking a lounge everywhere around every corner was needed necessarily or even advisable. No, the problem I've got was that I just wanted to sit down for two or three minutes and just type up an email quickly, or a tweet or something, and nope, you're walking and moving the whole time.Pete: Yeah. Now honestly, this would be a—this was a big missed opportunity for the Amazon event planning folks. There was a lot of unnecessary space usage that I understand why they had it. Here's an area you could play Foursquare, here's an area that had seesaws that you could sit on. Like, just, I don't know, kitschy stuff like that, and it was kind of off to the side or whatever.Those areas honestly, like, we're kind of off to the side, they were a little bit quieter. Would have been a great spot to just, like, load up some chairs and couches and little coffee tables and just having places that people could sit down because what ended up happening—and I'm sure you saw it just like I did—is that any hallway that had somewhere that you could lean your back against had a line of people just sitting there on their laptops because again, a lot of us are at this event, but we're also have jobs that we're working at, too, and at some point during the day, you need to check in, you need to check some stuff out. It felt like a lack of that kind of casual space that you can just relax in. And when you add on top of all the restaurants nearby being essentially fully booked, it really, really leaves you hanging for any sort of area to sit and relax and just check a thing or talk to a person or anything like that.Corey: Yeah, I can't wait to see what lessons get learned from this and how it was a mapping to next year, across the board. Like, I have a laundry list of things that I'm going to do differently at re:Invent next year. I do every year. And sometimes it works out; sometimes it really doesn't. And it's a constant process of improvement.I mean, one of the key breakthroughs for me was when I finally internalized the idea that, yeah, this isn't going to be like most jobs where I get fired in the next six months, where when I'm planning to go to re:Invent this is not the last re:Invent I will be at in my current capacity, doing what I do professionally. And that was no small thing. Where oh, yeah. So, I'm already making plans, not just for next re:Invent, but laying the groundwork for the re:Invent after that.Pete: Yeah, I mean, that's smart way to do it. And especially, too, when you don't consider yourself an analyst, even though you obviously are an analyst. Maybe you do consider yourself an analyst, but you're [laugh] more, you know, you're also the analyst who will go and actually use the product and start being like, “Why does this work the way it does?” But you're kind of a little bit the re:Invent target audience in a lot of ways, right? You're kind of equal parts on the analyst expert and user as well. It's like you kind of touch in a bunch of those areas.But yeah, I mean, I would say the one part that I definitely enjoyed was the nature walk that you did. And just seeing the amount of people that also enjoyed that and came by, it was kind of surreal to watch you in, like, full safari garb, basically meandering through the Expo Hall with this, like, trail of, like, backpacks [laugh] following you around. It was a lot of fun. And, you know, it's like stuff like that, where people are looking for interesting takes on, kind of, the state of something that is its own organism. Like, the Expo Hall is kind of its own thing that is outside of the re:Invent control. It's kind of whatever is made up by the people who are actually sponsoring it.Corey: Yeah, it was neat to see it play out. I'm curious to see how it winds up continuing to evolve in future years. Like right now, the Nature Walk is a blast, but it was basically at the top and I had something like 50 people following me around at one point. And that is too big for the Expo Hall. And I'm not there to cause a problem for AWS. Truly, I'm not. So, I need to find ways to embrace that in ways that don't kill the mojo or the energy but also don't create problems for, you know, the company whose backup I am perched upon, yelling more or less ridiculous things.Pete: [laugh]. I think it was particularly interested in how many people I'd be walking by and every once a while I would see, like, a friend of mine, someone actually working one of the booths and just be like, “What's going on here?” Like, I know one of my friends even said, “Yeah, like, nothing draws a crowd like a crowd.” And you can almost see more people [laugh] just, like, connecting themselves onto this safari train moving their way through. Yeah, it's a sight to see, that's for sure [laugh].Corey: Yeah, I'll miss aspects of this. Again, nothing can ever stay the same, on some level. You've got to wind up continuing to evolve and grow or you wind up more or less just frozen in place[ and nothing great ever happens for you.Pete: Yeah, I mean, again, Expo Hall has gone through these different iterations, and I—you know, when it does come to the event, as I kind of think back, I probably have spent most of my time actually in the Expo Hall, usually just related to the fact that, like, when you're a sponsor, like, you're just—that's where you're at. For better or worse, you're going to be in there. And especially if you're a sponsor, you want to check out what other sponsors are doing because you want to get ideas around things that you might want to try in later years. I mentioned Datadog before because Datadog to this day continues to have the best-designed booth ever, right? Like when it comes to a product that is highly demoable, I've been myself as a sponsor, it has always been a struggle to have a very effective demo setup.And I actually remember, kind of, recommending to a startup that I was at years ago, I'm doing a demo setup that was very, very similar to how Datadog did it because it was brilliant, where you have this, like, octagon around a main area of tables, and having double-sided demo stations. A lot more people are doing this now, but again, as I walked by I was again reminded just how effective that setup is because not only do you have people that just they don't want to talk, they just want to look, and they can kind of safely stand there and look, but you also have enough people staffing the booth for conversations that for, like me who actually might want to ask for questions, I don't have to wait and I can get an answer and be taken care of right away, versus some other booths. This year, one of the areas that I actually really enjoyed—and I don't even know the details of, like, how it all came about—but it looked like some sort of like Builder's Expo. I don't know if you remember walking by there, but there was a whole area of different people who had these little IoT or various powered things. One of them was, like, a marble sorting thing that was set up with a bunch of AWS services. I think there was like the Simple Beer Service V… four or five at this point. I had one of those iterations.It was some sort of mixture between Amazon software services that were powering these, like, physical things that you can interact with. But what was interesting is like, I have no idea, like, how it was set up, and who—I'm assuming it was Amazon specific—but each of these little booths were like chocked up with information about who they were and what they built, which gave it a feel of, like, this was like a last-minute builder event thing. It didn't feel like it was a highly produced thing. It had a much more casual feel to it, which honestly got me more interested to spend time there and check out the different booths.Corey: It was really nice to be able to go and I feel like you got to see all of the booths and whatnot. I know in previous years, it feels like you go looking for specific companies and you never find them. And you thought, “Oh”—Pete: [laugh].Corey: —“They must not have been here.” You find out after the fact, oh no, just you were looking in the wrong direction because there was so much to see.Pete: There were definitely still a couple of those. I had a list of a handful of booths I wanted to stop by, either to say hi to someone I knew who was going to be there or just to chat with them in general, there was a couple that I had to do a couple loops to really track them down. But yeah, I mean, it didn't feel as overly huge as a previous one, or as previous ones. I don't know, maybe it was like the way they designed it, the layout was maybe a little bit more efficient so that you could do loops through, like, an outer loop and an inner loop and actually see everything, or if it just was they just didn't have enough sponsors to truly fill it out and maybe that's why it felt like it was a little bit more approachable.I mean, it was still massive. I mean, it was still completely over the top, and loud and shiny lights and flashing things and millions of people. But it is kind of funny that, like, if you do enough of these, you can start to say, “Oh well, I don't know, it's still felt… a little bit less [laugh] for some reason.”Corey: Yeah, just a smidgen. Yeah. Pete, it is always a pleasure to get your take on re:Invent and see what you saw that I didn't and vice versa. And same time next year, same place?Pete: Yeah. I mean, like I said, one of my favorite parts of re:Invent is, you know, we always try to schedule, like, an end-of-event breakfast when we're both just supremely exhausted. Most of us don't even have a voice by the end. But just being able to, like, catch up and do our quick little recap and then obviously to be able to get on a podcast and talk about it is always a lot of fun. And yeah, thanks again for having me. This is—it's always, it's always a blast.Corey: It really is. Pete Cheslock, Head of Growth and Community at AppMap. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice and then put something insulting about me in the next keynote because you probably work on that content team.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

This week, Wes and Todd catch up with Coors Western Art Exhibit & Sale Curator, Rose Fredrick. Rose talks about this year's exhibition, what Artists are new to the show, some of the extraordinary work in the exhibit, the 30th anniversary, the Red-Carpet reception, receiving the Mary Belle Grant Award, how the Coors Western Art Exhibit & Sale helps support the National Western Scholarship Trust, and finding her voice as Curator of the Coors Western.For more information about the Coors Western Art Exhibit & Sale: www.coorswesternart.comFor more information on the Red Carpet Reception, the opening gala for the Coors Western Art Exhibit & Sale, go to:https://coorswesternart.com/red-carpet-reception.phpThe Coors Western Art Exhibit and Sale is on display January 7 - 22, 2023, on the 3rd level of the Expo Hall at the National Western Stock Show, 4655 Humboldt Street, Denver, CO 80215There is no extra fee to get into the art gallery, but there is a grounds admission charge for the Stock Show.The Coors Western Art Exhibit and Sale is open 9am to 9pm Friday and Saturday, 9am to 8pm Sunday thru Thursday.To hear previous recorded interviews with Artists on Inside the Artist's Studio go to: https://coorswesternart.com/inside-the-studio-year.php?year=2022Check out Rose Fredrick's website at www.rosefredrick.comFollow the Coors Western Art Exhibit & Sale on social media:Facebook - www.facebook.com/NWSSCoorsWesternArtInstagram - www.instagram.com/coorswesternart/@coorswesternartFollow Rose Fredrick on social media:Facebook - www.facebook.com/rose.fredrick.96Instagram - www.instagram.com/rosefredrickart/@rosefredrickart

Links: Last Week in AWS Community Slack VPC Lattice AWS Supply Chain OpenSearch Serverless AWS Verified Access Stay Up To Date with re:Quinnvent Sign up for the re:Quinnvent Newsletter Check out the re:Quinnvent playlist on YouTube If you're on site: Join Corey for a Nature Walk through the Expo Hall beginning at the Fortinet booth today (11/29/22) at 1pm PST or  For drinks at Atomic Liquors tonight at 8:15 pm PST. Tomorrow evening is re:Play, if you see Corey there, please say hello! Help the show Share your feedback Subscribe wherever you get your podcasts Buy our merch What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your AWS bill

Links: Last Week in AWS Community Slack Amazon ECS Service Connect Amazon RDS Optimized Reads and Writes Fully Managed Blue / Green Deployments in Aurora and RDS Protect Sensitive Data with CloudWatch Logs Amazon cloudWatch Cross-Account Observability Stay Up To Date with re:Quinnvent Sign up for the re:Quinnvent Newsletter Check out the re:Quinnvent playlist on YouTube If you're on site: Join Corey for a Nature Walk through the Expo Hall beginning at the Fortinet booth tomorrow (11/29/22) at 1pm PST or  For drinks at Atomic Liquors tomorrow evening at 8:15 pm PST. Help the show Share your feedback Subscribe wherever you get your podcasts Buy our merch What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your AWS bill

Audio version of video on YouTube. This week: You'll soon be able to set reactions on Teams message via Graph API, and use ANY emoji! UC Expo Video South Coast Summit Videos: Thursday (Ingite Watch Parties etc) Friday (PowerPlatform Hackathon, Workshops, Oktoberfest) Saturday (Keynote, Sessions, Expo Hall) 5 ways to boost your collaborative app development Rooms API now in Public Preview Introducing Azure Communication Services UI Library to React-Native Subscribe to all my videos at: https://thoughtstuff.co.uk/video Podcast: https://thoughtstuff.co.uk/itunes, https://thoughtstuff.co.uk/spotify or https://thoughtstuff.co.uk/podcast Blog: https://blog.thoughtstuff.co.uk

Hey all, Jason here.Alex Johnson, creator of the Fintech Takes newsletter, and I are happy to bring you the latest episode of our monthly podcast, Fintech Recap, where we unpack some of the biggest stories in fintech, banking, and crypto.This month, we had the chance to talk about:* Parsing MoneyLion's latest legal problems* What the CFPB's BNPL report means for the industry* Goldman's “subprime problem” and confusing co-brand strategy* Walmart's “checking account” ONE gets ready to launchAnd, as always, what Alex and I just can't let go of (hint: it involves Kim Kardashian and this music video demonstrating the brazenness of pandemic-era fraudsters.)Don't forget, you can catch Alex and me recording live at Money20/20 — you can find us Monday morning at 10:00am in the MoneyPot podcast booth located in the Expo Hall, Level 2.Existing subscriber? Please consider supporting this newsletter by upgrading to a paid subscription. New here? Subscribe to get Fintech Business Weekly each Sunday: Get full access to Fintech Business Weekly at fintechbusinessweekly.substack.com/subscribe

Hana Gabrielová and Robin Destiche of KonopiUS will join us this week. Hana Gabrielová is a 20-year veteran within the hemp industry. In 2010 she founded Hempoint in Europe. Hempoint is involved in many parts of the supply chain – planting seed distribution, farming, harvesting, processing, manufacturing, and sales. In 2021 Hana co-founded konopiUS in the US. konopiUS distributes EU and OECD certified industrial hemp varieties to North American farmers. Hana provides invaluable experience and agronomic experience for the konopiUS team. Robin is one of the co-founders of konopiUS which has locations in North Carolina and Tennessee. konopiUS distributes EU-certified industrial hemp varieties for fiber and grain. This year konopiUS sent farming seeds to 25 states and is working with a number of universities on research studies. Join us on Facebook, YouTube, our website, or through Zoom! ~*~*~*~*~*~*~*~*~*~*~*~ This year's Expo theme is “The Power of Hemp & Cannabis” and this year's Expo will encompass all aspects of hemp and cannabis. On Thursday, May 19th, there will be a pre-Expo networking event at the Radisson. On Friday May 20th, we will focus on business-to-business activities and education. On Saturday, May 21st, the Expo Hall opens with a free admission to the public as well as a variety of free educational content. For more information about the Midwest iHemp Expo on May 20-21, 2022, you can visit the website at MidwestiHempExpo.com.

UniSeeds Inc. is a professional seed business that develops and distributes high-quality industrial hemp seed. We are farmers serving farmers, with a goal to improve life through plant genetics by working collaboratively with our peers to serve the agricultural market, increase hemp production and generate agronomic knowledge that maximizes productivity. Join us on Facebook, YouTube, our website, or through Zoom! ~*~*~*~*~*~*~*~*~*~*~*~ This year's Expo theme is “The Power of Hemp & Cannabis” and this year's Expo will encompass all aspects of hemp and cannabis. On Thursday May 19th, there will be a pre-Expo networking event at the Radisson. On Friday May 20th, we will focus on business-to-business activities and education. On Saturday, May 21st, the Expo Hall opens with a free admission to the public as well as a variety of free educational content. For more information about the Midwest iHemp Expo on May 20-21, 2022, you can visit the website at MidwestiHempExpo.com.

Kelly and Sean debrief on PyCon US 2022 on Sunday morning before flying home. From the Education Summit to the Expo Hall to the Talk Track, we cover it all. Most importantly, we cover the best food and coffee to check out for next year in Salt Lake City! Note - this is a live debrief with no editing. Enjoy!

Tonya Mora is a lifelong resident of Michigan other than her time spent in the United States Navy where she worked with the military police as well as taught sailing skills to midshipmen at the Naval Academy. After her honorable discharge, she attained the position of Corrections Officer with the Michigan State Department of Corrections. Upon leaving her state position in 2011 she developed an interest in essential oils through the loss of a friend's mother and the inheritance of her books regarding this subject. This was near the same time in which Ms. Mora had begun working behind the scenes in the medical marijuana industry trimming plants, learning more about organic growing and the therapeutic benefits of cannabis oils. She began blending topical oils for use by herself and then family and friends with great success in achieving high levels of relief from a variety of ailments. Word of mouth spread and she started her company Sweed Dreams LLC in 2015. Join us on Facebook, YouTube, our website, or through Zoom! ~*~*~*~*~*~*~*~*~*~*~*~ This year's Expo theme is “The Power of Hemp & Cannabis” and this year's Expo will encompass all aspects of hemp and cannabis. On Thursday May 19th, there will be a pre-Expo networking event at the Radisson. On Friday May 20th, we will focus on business-to-business activities and education. On Saturday, May 21st, the Expo Hall opens with a free admission to the public as well as a variety of free educational content. For more information about the Midwest iHemp Expo on May 20-21, 2022, you can visit the website at MidwestiHempExpo.com.

We are visiting with Crop Scout Christie Apple on this week's iHemp Hour! Get the Dirt on Soil with this expert. Join us on Facebook, YouTube, our website, or through Zoom! ~*~*~*~*~*~*~*~*~*~*~*~ This year's Expo theme is “The Power of Hemp & Cannabis” and this year's Expo will encompass all aspects of hemp and cannabis. On Thursday, May 19th, there will be a pre-Expo networking event at the Radisson. On Friday, May 20th, we will focus on business-to-business activities and education. On Saturday, May 21st, the Expo Hall opens with free admission to the public as well as a variety of free educational content. For more information about the Midwest iHemp Expo on May 20-21, 2022, you can visit the website at MidwestiHempExpo.com.

We will be joined by Kim Croes and Rachel Berry to talk about the use of Hemp-Lime (hempcrete) in the building. Jacob Waddell of the USHBA will also provide an update on the recent ICC trials. Both Kim and Rachel have hands-on experience building with hemp. On Saturday, April 30th you can get your hands dirty in Hemp Lime at our demonstration as Roman Vyskocil helps us build a hemp dog house! ~*~*~*~*~*~*~*~*~*~*~*~ This year's Expo theme is “The Power of Hemp & Cannabis” and this year's Expo will encompass all aspects of hemp and cannabis. On Friday May 20th, we will focus on business-to-business activities and education. On Saturday, May 21st, the Expo Hall opens with free admission to the public as well as a variety of free educational content. For more information about the Midwest iHemp Expo on May 20-21, 2022, you can visit the website at MidwestiHempExpo.com.

Insert Credit covers GDC 2022 with Liz Ryerson reporting direct from the expo hall on a quest to achieve corporate heaven, while Brandon Sheffield gets quick hits from some prominent attendees and reflects on GDC itself. Chapters: Heaven or Corporate Hell: The GDC 2022 Expo Hall, by Liz Ryerson (00:47) GDC 2022 Reports by Brandon Sheffield: standing in front of a mural (14:32) hotel report and lumbar pillow (16:34) fomo (18:47) Why Is the Whole Idea of Todd Howard Funny? An Investigation, by Kris Graft (21:23) hodd toward (23:15) bbc interview about the ukraine bundle (23:49) piloting through shit, with Rami Ismail (24:35) an anecdote about gdcs past, with Vincent Diamante (25:51) unfortunately configured pizza, with Tyriq Plummer (27:47) wearing a fuck nfts shirt in business meetings, with Xalavier Nelson Jr. (29:02) a story about discovering punk bands, with Chris Charla (31:56) flaccid exchanges and ambient jazz (33:07) san francisco and oakland are different places in america (34:57) america is a whole country that has san francisco and oakland in it (36:08) masking (36:48) an event conspiring (37:49) something to say, with Anita Sarkeesian (38:31) something interesting about anthropology, with Trent Kusters (38:53) the best pancakes in los angeles, with Teddy Dief (40:57) what lyft drivers know about stem cells, with Scott Jon Siegel (42:33) Mental Health, by Nick Suttner (43:53) international news (45:51) crashing a crypto party, with Frank Cifaldi and Kelsey Lewin (46:39) a little more to say, with Frank Cifaldi and Kelsey Lewin (52:29) bye forever (55:13) Share GDC memories in the forums! Hosted by Alex Jaffe, Liz Ryerson and Brandon Sheffield reporting. Edited by Esper Quinn. Original Music by Kurt Feldman.

In this episode, we tell you all about the Florida’s Largest Home Show, give you a peek inside the Tampa Theatre and update you on the new roller coaster at Busch Gardens Tampa. Labor Day weekend is just around the corner and Pat George from Money Talk 1010 tells you how you can have a good time with less than $10. Florida’s Largest Home Show is coming back to the Expo Hall at the Fairgrounds this Labor Day weekend and it has all your answers to make your house the home of your dreams (1:03)! Q105’s Roxanne Wilder gives you a peek inside one of Downtown Tampa’s oldest landmarks. The Tampa Theatre is a beautiful place to have a great date night that is more than just a movie night (3:50). The wait is finally over! Geno from Q105 tells us the opening date of the new roller coaster at Busch Gardens Tampa: Iron Gwazi (6:35)! Join us as we take you on a journey across all of Tampa Bay. We will show you all that this city has to offer lead by the biggest tastemakers in Tampa Bay. We are here to help you Experience Tampa Bay in 10 Minutes or Less! Join us as we take you on a journey across all of Tampa Bay. We will show you all that this city has to offer lead by the biggest tastemakers in Tampa Bay. Hosted by Q105’s Roxanne Wilder from the MJ Morning Show and Geno Knight they will be joined each week by a new tastemaker who will fill you in on something you need to check out. From the biggest events and headliners to small community events to the hottest places to eat to the local hidden gems, we will make sure you know what is going on in our area in one easy-to-digest weekly podcast episode. We are more than just beaches and sunshine! A new episode drops every Thursday at 10a. Be sure to subscribe so you don't miss an episode! We would also love to know what you think of the show. Please leave us a 5-star rating and a review!