Podcasts about Technology evangelist

In this videocast, KuppingerCole Analysts' Senior Analyst Warwick Ashford is joined by Prakash Sinha, Senior Director and Technology Evangelist at Radware, to explore how security teams can drive Mean Time To Resolution (MTTR) close to zero. As AI-powered attacks increase in sophistication and frequency, security operations centers (SOCs) must evolve by leveraging automation and AI-driven incident response. Prakash shares insights on how AI can enhance threat detection, automate remediation, and reduce analyst workloads while maintaining governance and accountability. Discover practical steps for implementing AI-assisted security and the key success factors for modernizing SOCs in the face of an ever-changing threat landscape.

In this videocast, KuppingerCole Analysts' Senior Analyst Warwick Ashford is joined by Prakash Sinha, Senior Director and Technology Evangelist at Radware, to explore how security teams can drive Mean Time To Resolution (MTTR) close to zero. As AI-powered attacks increase in sophistication and frequency, security operations centers (SOCs) must evolve by leveraging automation and AI-driven incident response. Prakash shares insights on how AI can enhance threat detection, automate remediation, and reduce analyst workloads while maintaining governance and accountability. Discover practical steps for implementing AI-assisted security and the key success factors for modernizing SOCs in the face of an ever-changing threat landscape.

On this episode host Dr. Nick recorded live at HIMSS25 with 2 guests. Scott Francis, Technology Evangelist, PFU America, Inc./Ricoh Document Scanners on how document scanners digitize patient documents right the first time. And Anurag Mehta, CEO and Founder of Omega Healthcare on their report “Realizing the Promise of Tech-Enabled, AI-Driven Revenue Cycle Management. https://www.pfu-us.ricoh.com/ To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

In this episode of the Kubernetes Bytes podcast, Ryan and Bhavin sit down with Edith (Edi) Puclla, Technology Evangelist at Percona to talk about Percona Everest. The conversation focuses on Percona's investment in the Open-source ecosystem, and how they keep innovating with Percona Monitoring and Management and Percona Everest. The discussion also dives into how the community is expanding and supporting more use cases with Data on Kubernetes and AI on Kubernetes. Check out our website at https://kubernetesbytes.com/ Cloud Native News: http://businesswire.com/news/home/20250227229731/en/Veeam-Releases-Kasten-for-Kubernetes-v7.5-Elevating-its-1-Data-Resilience-Market-Position-with-Enhanced-Security-and-Modern-Virtualization/ https://www.developer-tech.com/news/kubescape-achieves-major-milestone-in-open-source-kubernetes-security/ https://thenewstack.io/postgresql-operator-cloudnativepg-hits-the-cncf-sandbox/ https://backendnews.net/tenable-report-finds-security-gaps-in-kubernetes-environments/ https://www.infoworld.com/article/3832760/red-hat-openshift-improves-virtualization-support.html https://edera.dev/stories/series-a - https://www.datastax.com/blog/ibm-plans-to-acquire-datastax Show links: https://github.com/percona/pmm https://github.com/valkey-io/valkey https://github.com/percona/everest https://github.com/percona/percona-server-mysql-operator https://github.com/percona/percona-server-mongodb-operator https://github.com/percona/percona-postgresql-operator https://forums.percona.com/ https://github.com/percona https://www.cncf.io/blog/2024/06/28/celebrating-10-years-of-kubernetes-the-evolution-of-database-operators/ https://dok.community/ https://www.linkedin.com/in/edithpuclla/ Timestamps: 00:07:40 Cloud Native News 00:17:40 Interview with Edith 00:58:05 Key takeaways

What does it really mean to develop AI use cases for your business?  For the launch of our latest playbook on AI Transformation (download your copy here!), we gathered a panel of digital transformation experts from established software solution providers and up and coming startups at the frontier of enterprise AI adoption. We've cut the best parts of this hour-long conversation into a podcast episode for you to digest the best practices shared by these leaders.  About our guests Alex Song is the current Chief Revenue Officer of WIZ.AI, overseeing the company's revenue-generating strategies. Previously, he served as WIZ.AI's Chief Operating Officer. Under his leadership, WIZ.AI has grown to over 300 business clients across 17 countries, with Fortune 500 companies and unicorn start-ups accounting for 60% of the company's client profile. Alex is a senior business executive with over 11 years of leadership experience in both the technology and logistics sectors. Before joining WIZ.AI, he served as VP of Samsung SDS. Christian Schneider is the Co-founder and CEO of FileAI. He started his career in investment banking and consulting in Europe before moving into venture building with Rocket Internet in Singapore where he managed business intelligence for foodpanda. Thereafter, Christian co-founded Singapore-based foodtech startup DishDash.co, where he began working with Bluesheets co-founder, Clare, as it expanded to Australia. Franco Manuel is an Oracle NetSuite Master Principal Solution Consultant. He has spent more than a decade supporting business transformation through Oracle Netsuite, with a brief stint at Salesforce. He specializes in ERP / CRM pre-sales and consulting across multiple platforms, including Microsoft and IFS. Pandurang Nayak is Head of Solution Architects, ASEAN at AWS. Prior to AWS he has had a career as CTO/COO/CPO for several digital media companies in India. He was also previously a Technology Evangelist and Specialist at Microsoft. He is a lifelong software engineer and developer, since he taught himself web programming.  Directed by Paulo Joquiño Produced by Paulo Joquiño The content of this podcast is for informational purposes only, should not be taken as legal, tax, or business advice or be used to evaluate any investment or security, and is not directed at any investors or potential investors in any ⁠⁠⁠⁠⁠⁠Insignia Ventures⁠⁠⁠⁠⁠⁠ fund. Any and all opinions shared in this episode are solely personal thoughts and reflections of the guest and the host.

CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText's NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta's ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Be afraid of spooky data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Selected Reading CISA Opens Election War Room to Combat Escalating Threats (GovInfo Security) Agencies face ‘inflection point' ahead of looming zero-trust deadline, CISA official says (CyberScoop) Microsoft Provided Gender Detection AI on Accident (404 Media) Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution (SecurityWeek) QNAP patches critical SQLi flaw (Beyond Machines) EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files (Sysdig) Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer (Hackread) Exclusive: Senator calls on Commerce to tighten proposed rules on exporting surveillance, hacking tech to problematic nations (CyberScoop) GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI (GreyNoise)  Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices (WIRED) Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats (Sophos News) Spooky Data at a Distance (LinkedIn) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Let us know your thoughts. Send us a Text Message. Follow me to see #HeadsTalk Podcast Audiograms every Monday on LinkedInEpisode Title:

David is Nash Squared's Group Technology Evangelist. He crafts podcasts, hosts video debates, speaks, moderates conferences, and chairs keynote stages. He's a passionate advocate for technology, dissecting its challenges and opportunities. David has worked at Nash Squared since 2007, where he has developed a deep understanding of the technology and talent markets. Recognised as Computing's Digital Ambassador of the Year (2018), he brings a wealth of experience and knowledge to every conversation. Since 2015 he has been editor and host of Tech Talks, a show about leadership and technology currently ranked as one of the most popular podcasts in the world.David Savage is this episode's guest, who reinforces why it's so important to realize that trusting ourselves is a skill. And like all skills it can be developed! In addition to learning about trusting yourself, you'll also hear from David how to become an “intrapreneur,” the importance of establishing consistent behavior, and how that applies to strengthening our personal branding.Learn more about David and Tech Talks | Website https://www.nashsquared.com/techtalksConnect with Alisa! Follow Alisa Cohn on Instagram: @alisacohn Twitter: @alisacohn Facebook: facebook.com/alisa.cohn LinkedIn: https://www.linkedin.com/in/alisacohn/ Website: http://www.alisacohn.com Download her 5 scripts for delicate conversations (and 1 to make your life better) Grab a copy of From Start-Up to Grown-Up by Alisa Cohn from AmazonLove the show? Subscribe, Rate, Review, Like, and Share!

Daniel Flowe is a Technology Evangelist specializing in Identity, Onboarding, and Compliance, and a dedicated DEI Advocate. He leads Digital Identity initiatives at the London Stock Exchange Group (LSEG) in Raleigh, North Carolina. With over four years at LSEG, Daniel has progressed through various roles, contributing significantly to the company's digital identity strategy. On The Menu: 1. Financial crime and fraud are heavily linked to identity verification failures. 2. Generative AI poses threats; need for new methods to verify authenticity. 3. Importance of verifying beneficial ownership to combat shell company misuse. 4. Enhancing security and user experience by giving control back to individuals. 5. Shift from direct selling to engaging customer-focused content creation. 6. Identity verification spans the entire customer lifecycle, not just initial onboarding. 7. Ensuring compliance while focusing on enhancing customer satisfaction and growth. Click here for a free trial: https://bit.ly/495qC9U Follow us on social media to hear from us more - Facebook- https://bit.ly/3ZYLiew Instagram- https://bit.ly/3Usdrtf Linkedin- https://bit.ly/43pdmdU Twitter- https://bit.ly/43qPvKX Pinterest- https://bit.ly/3KOOa9u Happy creating! #DanielFlowe #LondonStockExchange #Outgrow #DigitalMarket #MarketFrauds #MarketerOfTheMonth #Outgrow #Podcastoftheday #Marketingpodcast

En este capítulo descubrimos la tecnología como motor de innovación para el sector viajes. Nos acompañan Arvin Abarca, CEO y Founder de GrandVoyage, Juanda Nuñez, periodista y creador de SmartTravelNews portal de actualidad, referente en el sector viajes y Javier Sirvent, considerado el primer Technology Evangelist español, promueve la tecnología destacando sus beneficios y ayudando a empresas y líderes a confiar en ella.

 In this episode of The Orange Chair Podcast, join Colleen Alber, Technology Evangelist at Hyland, and Zach Hance, Senior Account Executive at KeyMark, as they delve into all things OnBase. Discover the latest updates and how OnBase can empower you and your organization. This episode is part one of our three-part series that brings you exclusive insights from our premier event that navigates the future of automation for businesses!

Pascale Tremblay is a Seattle-based Global Strategy consultant with experience empowering organizations to enable their language capabilities and gain a competitive advantage. Previously the Head of Language Product and Localization at Gap Inc., Pascale now advises and develops Global Language Capability initiatives for growing companies, including Language Operationalization, Multilingual Language Product Ecosystem design, Process Evolution Strategy, and Technology Evangelist.In this episode of memoQ talks, Pascale talks about how she got started in the localization industry, her experience working at Gap Inc.,  and why she transitioned into a consulting role. Pascale also explains how she engages with her clients, and discusses some of the different applications of AI that she is seeing in the loc industry.

In this episode, Download on Tech host and ITI President and CEO Jason Oxman is joined by ITI member Microsoft's Senior Accessibility Technology Evangelist Laurie Allen. Ahead of Global Accessibility Awareness Day on May 16, Jason and Laurie hone in on tech's critical role in promoting accessibility and inclusion. Laurie shares insights on Microsoft's role in bridging the disability divide, opportunities and challenges AI presents for creators, developers, and engineers in advancing accessibility, and key resources available for accessibility support and guidance. Listen to the podcast on Apple Podcasts, Libsyn, or Spotify or watch the episode on ITI's YouTube channel.

What a fun episode with a great friend, Dr. John Flucke.  If there is a dental product or piece of technology out there today, you can bet Dr. Flucke has had his hands on it at some point.Dr. John Flucke is in private practice in Lee's Summit, Missouri where he spends two days per week in direct patient care.  He also serves as Chief Dental Editor as well as Technology Editor for Dental Products Report magazine where he writes, edits, and does video “Test Drives” of products featured in his “Technology Evangelist' columns.Doctor Flucke has one of the most popular dental blogs on the Internet “Ramblings of Dentistry's Technology Evangelist '' featuring daily updates on technology in healthcare and technology in general.  The site has over 2.5 million unique page views.He lectures extensively on all aspects of clinical dentistry as well as technology in dentistry and has been featured at every major dental meeting in the U.S. and international locations as well.  Dr. Flucke uses technology in every aspect of his practice and personal life; pushing himself to constantly be on the leading edge.  He loves testing, and breaking, the latest gear he can get his hands on.  He lives his life by the motto “you can't have too many toys”.He consults with manufacturers helping with development of techniques, technologies, and products which allows him to see things from the “duct tape and zip tie stage” all the way through to the completed item.Dr. Flucke's passion is “Technology that Improves Patient Outcomes” and he is always working to create or to help create products and techniques that allow patients a better quality of life.Dr. Flucke provides expert witness testimony in dental litigation.  He is a past president of the Greater Kansas City Dental Society as well as served as the Missouri State Peer Review Chairman for over 20 years.IG= @jflucke X=@jflucke FB=fluckej YouTube Channel= https://www.youtube.com/channel/UCtKsPYNvSawIioZOLXB0cGAThis episode is brought to you by our educational partners, Shofu.

Kristopher Lengieza is Vice President @ Procore Technologies | Construction Technology Evangelist, Partnerships Leader, Digital Transformation Facilitator. Kris shared the latest on his new focus at Procore and his origin story. We talked about Procore's vision to improve the lives of everyone in construction and why this means providing lots of integrations and free continuing education. Kris shared his perspective on what Constructive means to him and how its baked into his own philosophy and Procore's as well. We also discussed AI, how COVID positively influenced the AEC industry, Kris's vision of the future of our industry, and the data journey in construction. Hope you enjoy as much as I did! --- Send in a voice message: https://podcasters.spotify.com/pod/show/sethyoufree/message

The episode is a conversation between the host, Chris Whitaker, and his guest, Ryan Carlson, a technology evangelist at Soracom. They discuss Ryan's journey in the field of IoT, connectivity, and the development of smart products. Ryan shares insights about building a smart product, emphasizes the importance of multi-carrier cellular providers, and the evolution of cloud native technology. He also advises on the three Ps - play, potential, and plan - for successful product development. The conversation delves into various topics including podcasting, networking, and the interconnectedness between human and technological connectivity.Ryan Carlson is the Technology Evangelist at Soracom, a company specializing in cloud-native cellular connectivity for IoT applications. Ryan has helped pioneer connected products in energy, healthcare, transportation, and commercial services as a product owner, solutions architect, researcher, and principal IoT consultant. He has first-hand experience in product design, user research, IoT corporate strategy, and overseeing product development and go-to-market strategies. In addition, he is the host to the wildly successful podcast “What to expect when your connecting” More on Soracom- https://www.soracom.io/us/More on Ryan- https://www.linkedin.com/in/rjcarlson/Support the show

Where do multi-cloud and edge intersect?  What is the dividing line between them? In this episode, Bill sits down with Jeff DeVerter, Chief Technology Evangelist at Rackspace Technology, to dive into relationships between edge, multi-cloud, managed hosting, and colos. They discuss the never-ending decisions that have to be made regarding where to host data.---------Key Quotes:“I don't like thinking about things from the angle of how can I save money? What I do like on the fin-up side, is how do I ensure that every dollar, every peso, every euro I'm going to spend on technology is going to drive meaningful business outcomes?”“What excites me about the future of edge computing? First of all, because it is a first class citizen today and not a buzzword. That one gets me excited, that it is a core component of most enterprise architectures these days and a first-class citizen there.” --------Timestamps: (01:00) How Jeff got started in tech(06:43) The lin between edge, cloud, and colos(12:43) IT has to understand the business side (14:51) Views on multi-cloud(26:36) Managed hosting at Rackspace (28:12) Navigating egress fees(32:08) Is moving to the cloud the riskiest thing a company will do? (38:08) Do customers care about edge as a term? (41:20) What excites Jeff about the future of the edge?--------Sponsor:Over the Edge is brought to you by Dell Technologies to unlock the potential of your infrastructure with edge solutions. From hardware and software to data and operations, across your entire multi-cloud environment, we're here to help you simplify your edge so you can generate more value. Learn more by visiting dell.com/edge for more information or click on the link in the show notes.--------Credits:Over the Edge is hosted by Bill Pfeifer, and was created by Matt Trifiro and Ian Faison. Executive producers are Matt Trifiro, Ian Faison, Jon Libbey and Kyle Rusca. The show producer is Erin Stenhouse. The audio engineer is Brian Thomas. Additional production support from Elisabeth Plutko.--------Links:Follow Bill on LinkedInConnect with Jeff DeVerter on LinkedIn

In this engaging podcast episode hosted by Paolo Sironi, and joined by Bruno Macedo and Natasa Kyprianidou the discussion delved into the dynamic landscape of financial technology. The JPMorgan Chase latest announcement kicked off the conversation by revealing a staggering increase in hacking attempts, reaching 45 million cyber attacks daily, highlighting the evolving sophistication of fraudsters. The exploration continued with insights from the IBM Institute for Business Value's research on embedded finance, envisioning the “emergence of an everywhere, everyday bank”. Davos 2024 took center stage, emphasizing generative AI regulation, climate change, and conflict as pivotal topics in elite discussions. The episode transitioned to legal matters, touching on the New York Times' lawsuit against Microsoft and OpenAI for alleged copyright infringement, raising questions about AI tools using content without permission. Temenos' Bruno Macedo contributed to the conversation with revelations about how Generative AI is poised to positively transform the face of banking. Samsung's Galaxy S24 Series ushered in a new era of Mobile AI, promising barrier-free communication, creativity, and endless possibilities. The guests shared their "WOW moments," highlighting the rise of Chief Product Officers in Financial Services and the potential impact of splitting savings optimally. The podcast concluded with a glance at JPMorgan Chase's strategic move, leading a $300 million funding round in a quantum computing firm, showcasing the industry's commitment to embracing cutting-edge technologies. ‌ Connect with our guests: Bruno Macedo: https://www.linkedin.com/in/armindom/ Technology Evangelist at Temenos, Founder FusionAlgo Natasa Kyprianidou: https://www.linkedin.com/in/natashakyprianides/ Independent FS Consultant, Founder of Fintecher Stories Newsletter

IT-Sicherheit ist extrem wichtig, aber der Weg dorthin aus mehreren Gründen schwierig. In dieser Folge erklärt Michael Veit, Technology Evangelist bei Sophos, worauf Mittelständler achten sollten.

Welcome to episode 39 of More Than a Refresh, where JD sits down with Dave Stokes, Technology Evangelist @ Percona. Listen in as they discuss Postgres vs. MySQL, maintaining "boring but vital" OSS projects, and how to save a piece of data for 100+ years.

Conversation with Jeff DeVerter, Chief Technology Evangelist at Rackspace, a cloud computing company. We explore how they deployed a LLM (Google PaLM)  for a sales application, and how they're enabling their Azure and AWS customers too.What I learned I learned from JeffYou should probably go with the LLM of your current cloud provider be it, Google, Microsoft, or Amazon. All the major vendors have versions of LLMs that can be deployed in a private cloud to ensure data confidentiality. To fully realize the potential of AI, think  “data pipeline”. So from the get-go, whatever data is created is easily ingested by AI.And much more!We laugh. We cry. We iterate.Check out what THE MACHINES and one human say about the Super Prompt podcast:“I'm afraid I can't do that.” — HAL9000“These are not the droids you are looking for." — Obi-Wan“Like tears in rain.” — Roy Batty“Hasta la vista baby.” — T1000"I'm sorry, but I do not have information after my last knowledge update in January 2022." — GPT3

This podcast was delivered on 25 August 2023 and is the ninth and final session in CLI's AI for Legal Series. In this session Lisa Crosbie, Technology Evangelist and Amanda Fajerman, Engagement Manager, both at Barhead discussed Driving your business forward with Microsoft Copilot. Topics covered included: What is Microsoft Copilot? Where will Microsoft Copilot be available? When will Microsoft Copilot be available? The need to be ready for Microsoft Copilot How to drive your business forward with Microsoft Copilot Reduce your digital debt Audit your context, knowledge and information sources Update your MS Knowledge and Governance Framework Prepare your workforce Embed ‘productivity efficiency' mindsets Resources CLI Legal Generative AI LinkedIn Group CLI Generative AI Initiative If you would prefer to watch rather than listen to this episode, you'll find the video in our CLI-Collaborate (CLIC) free Resource Hub here.

We talk to technology evangelist Doug Hohulin about Artificial Intelligence (AI), how we use it as a tool and remember not to loose our humanity. Check out Doug on his linkedin: https://www.linkedin.com/in/doughohulin/We also have merch on our brand new website! https://newtonsnuggets.com-------------------------------------------------------------------------- SponsorsBecome a sponsor of the show: https://newtonsnuggets.com/pages/sponsorship-------------------------------------------------------------------------- To be a guest on nuggets, sign up here: https://newtonsnuggets.com/pages/be-our-guestBuy the MentalTheft book from here in the UK:https://www.amazon.co.uk/MentalTheft-Your-mind-weakest-link/dp/1838254102 Anywhere else in the world, go to Amazon as usual and search MentalTheft (one word).Thanks as usual to Jesse for making the magic happen:https://www.jlawrence-photography.co.uk Check out Paul on: https://www.mentaltheft.co.uk#newtonsnuggets  

Listen in as we talk to Jeff Deverter, Chief Technology Evangelist about a new and evolving topic of Cloud, Containers, and Kubernetes. Jeff lays out his destiny and passion for technology growing up his entire life learning from his father who played a key role at IBM for 30+ years. He also gets into three key ways to talk about helping customers modernize regardless of where they are, on-prem, partial cloud, or even struggling with legacy app designs, you'll learn how Rackspace can help! Josh Lupresto (00:00): Welcome to the podcast that is designed to fuel your success in selling technology solutions. I'm your host, Josh Lupresto, SVP of Sales Engineering, at Telarus, and this is Next Level BizTech. Hey everybody. Welcome back to another episode. Today we are Talking Cloud, and more importantly, we're talking about three ways that you can help your customer with Kubernetes. And you may not know what that is yet but we're gonna get into it and we're gonna break it down. And more importantly, we've got Jeff DeVerter, chief Technology Evangelist from Rackspace on with us today. Jeff, thanks for joining, man. Jeff DeVerter (02:12): Josh, I am honored to be here. Thanks so much for the invitation, Josh Lupresto (02:16): I always like to kick this off with a little bit of background for anybody that doesn't know you, maybe it's blackmail that we could use against you later, but something I, I, I love to just kind of hear how everybody got into this space. Some people knew they wanted to be in tech from day one. Last guy I just talked to was a boat mechanic and didn't love that. And, and here we are now. So, so fill us in for you. How did you get here? Jeff DeVerter (02:38): Well, then maybe this one will be a first for you if we're gonna go way, way back to the very beginning. So let's go back to high school. So I grew up in in a, in a family where, you know, the dad could still have one career for 40 something years. And he was an IBM-er through and through first job out of the Navy, IBM last, last thing he did before he retired, still working for I B M and had an amazing career. Did some incredible stuff. He started as the guy who would go in and fix the cooling systems for the big tape drive systems that was storage back in the, whenever that was early sixties. And and so, needless to say, technology was just a part, whatever it was, was part of my growing up. And, but I was also into music. Jeff DeVerter (03:25): And so as a, you know, a middle schooler, high schooler thinking, what do I do? Do I go get into computers? Do I do I do to do something in music? And so I was a senior in high school. We'd been moved down to Austin, Texas, and I go into, as a senior, whatever advanced placement computer science was in those days on a green screen. And I sit down in the fall and I think, can't stare at that screen for the rest of my life. That's green and that is boring. And so, so I think I'm gonna, I'm gonna make a run at this music thing. I had a smart guitar teacher. He said, Jeff, you should really think about the technical side of, of music cuz maybe you're not the best guitar player in the world, . So I went in to learn how to be an recording studio engineer and producer. Jeff DeVerter (04:05): That was, that was gonna be the job. And ended up down in Houston, Texas and intern at the studio grow, you know, kind of grow up inside of this studio get married along the way, end up buying this recording studio. And the first thing I do when I buy a recording studio is put in a computer network. Why not Harken back to my father who's still working for ibm, excuse me. And os two warp is around in these days. And so I put in this couple of computers and network, and I think networking sort of fun. I, I think I could do this sort of thing if I didn't ha have this other day job. So I go on and do music for a number of years.

About Susan Zhang: Leadership is not just about achieving success but about inspiring and empowering others to do the same. My next guest on The One Percent Project, Susan Zhang, embodies that. An exemplary business executive and visionary entrepreneur, Susan has a remarkable career spanning three continents. With an impressive legacy through her work with Google and ByteDance (TikTok), Amazon, and Canva, she effectively combines technical prowess with commercial acumen. Susan has an exceptional track record and has become a prominent figure in the global business, making her a powerful catalyst for positive change. Susan's passion for driving China-Australia linkage led her to found her own company, assist UoW's 2015 rebrand in the Chinese market, and become a Technology Evangelist for the Australia China Millennial Project. She is a published author, a dynamic, inspirational speaker, and a valued mentor for young entrepreneurs worldwide. Join me in this episode of The One Percent Project as I speak to Susan about her unconventional career trajectory, leadership style, her book ‘Life Outside My Comfort Zone: Hup Draak!,' and her strategies for a successful career. Subscribe to the show wherever you listen to it and sign up for The One Percent Project's "Think" newsletter at onepercent.live for curated content that adds value to your professional and personal development. Key Take Aways & Transcript: ⁠⁠⁠⁠⁠https://bit.ly/TOP_Susan Follow & Subscribe: WhatsApp: ⁠⁠⁠https://bit.ly/TOP_WA2⁠⁠⁠ YouTube: ⁠⁠⁠https://bit.ly/TOP_Youtube⁠⁠⁠ LinkedIn: ⁠⁠⁠https://bit.ly/TOP_LinkedIn⁠⁠⁠ Twitter: ⁠⁠⁠https://bit.ly/TOP_Twitter1⁠⁠⁠ Instagram: ⁠⁠⁠https://bit.ly/TOP_Insta⁠ In this conversation, she talks about: ⁠⁠⁠⁠00:00⁠⁠ Intro ⁠⁠ 1:26 Her journey from China to working for Google, ByteDance, Amazon and Canva by age 30. 4:33 How did she navigate through different roles at different organisations? 7:22 Her book “Life Outside My Comfort Zone: Hup Draak!”. 9:46 Productivity tool. 11:48 Books & Blogs that have influenced. 14:22 Advice to her younger self.

In this podcast episode, Jack Roehrig, Technology Evangelist at Uptycs, discusses his experience with burnout and health issues due to his job as a Chief Information Security Officer (CISO). Jack has always known health is wealth and retired to Mexico for a few months to recover from his burnout. Despite telling himself he wouldn't work again, Jack discovered Uptycs, a leading XDR platform that has the opportunity to change cybersecurity and joined their team as Technology Evangelist. Links: Follow Jack Roehrig on LinkedIn: https://www.linkedin.com/in/jackery/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Introducing Jack Roehrig 01:40 - Jack's security origin story 04:50 - The harsh realities of burnout in tech 05:33 - Finding peace in Mexico 07:51 - Working for your purpose 11:26 - From risk aversion to risk tolerance 13:51 - Join our community! 15:37 - Falling in love with XDR

It's that time again! This special guest episode features the wonderful Scot Hacker, author of The BeOS Bible. We talk about the past, present and future in this great extended episode covering BeOS, photography and writing books. Content warning: there are two very brief anecdotes that refer to extreme violence (in context), neither of which involved the guest or any of the co-hosts. Good Morning Andrew! 00:00:00 Andrew overslept a little today...

Jack Roehrig, Technology Evangelist at Uptycs, joins Corey on Screaming in the Cloud for a conversation about security awareness, ChatGPT, and more. Jack describes some of the recent developments at Uptycs, which leads to fascinating insights about the paradox of scaling engineering teams large and small. Jack also shares how his prior experience working with AskJeeves.com has informed his perspective on ChatGPT and its potential threat to Google. Jack and Corey also discuss the evolution of Reddit, and the nuances of developing security awareness trainings that are approachable and effective.About JackJack has been passionate about (obsessed with) information security and privacy since he was a child. Attending 2600 meetings before reaching his teenage years, and DEF CON conferences shortly after, he quickly turned an obsession into a career. He began his first professional, full-time information-security role at the world's first internet privacy company; focusing on direct-to-consumer privacy. After working the startup scene in the 90's, Jack realized that true growth required a renaissance education. He enrolled in college, completing almost six years of coursework in a two-year period. Studying a variety of disciplines, before focusing on obtaining his two computer science degrees. University taught humility, and empathy. These were key to pursuing and achieving a career as a CSO lasting over ten years. Jack primarily focuses his efforts on mentoring his peers (as well as them mentoring him), advising young companies (especially in the information security and privacy space), and investing in businesses that he believes are both innovative, and ethical.Links Referenced: Uptycs: https://www.uptycs.com/ jack@jackroehrig.com: mailto:jack@jackroehrig.com jroehrig@uptycs.com: mailto:jroehrig@uptycs.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey:  LANs of the late 90's and early 2000's were a magical place to learn about computers, hang out with your friends, and do cool stuff like share files, run websites & game servers, and occasionally bring the whole thing down with some ill-conceived software or network configuration. That's not how things are done anymore, but what if we could have a 90's style LAN experience along with the best parts of the 21st century internet? (Most of which are very hard to find these days.) Tailscale thinks we can, and I'm inclined to agree. With Tailscale I can use trusted identity providers like Google, or Okta, or GitHub to authenticate users, and automatically generate & rotate keys to authenticate devices I've added to my network. I can also share access to those devices with friends and teammates, or tag devices to give my team broader access. And that's the magic of it, your data is protected by the simple yet powerful social dynamics of small groups that you trust. Try now - it's free forever for personal use. I've been using it for almost two years personally, and am moderately annoyed that they haven't attempted to charge me for what's become an absolutely-essential-to-my-workflow service.Corey: Kentik provides Cloud and NetOps teams with complete visibility into hybrid and multi-cloud networks. Ensure an amazing customer experience, reduce cloud and network costs, and optimize performance at scale — from internet to data center to container to cloud. Learn how you can get control of complex cloud networks at www.kentik.com, and see why companies like Zoom, Twitch, New Relic, Box, Ebay, Viasat, GoDaddy, booking.com, and many, many more choose Kentik as their network observability platform. Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode is brought to us by our friends at Uptycs and they have once again subjected Jack Roehrig, Technology Evangelist, to the slings, arrows, and other various implements of misfortune that I like to hurl at people. Jack, thanks for coming back. Brave of you.Jack: I am brave [laugh]. Thanks for having me. Honestly, it was a blast last time and I'm looking forward to having fun this time, too.Corey: It's been a month or two, ish. Basically, the passing of time is one of those things that is challenging for me to wrap my head around in this era. What have you folks been up to? What's changed since the last time we've spoken? What's coming out of Uptycs? What's new? What's exciting? Or what's old with a new and exciting description?Jack: Well, we've GA'ed our agentless architecture scanning system. So, this is one of the reasons why I joined Uptycs that was so fascinating to me is they had kind of nailed XDR. And I love the acronyms: XDR and CNAPP is what we're going with right now. You know, and we have to use these acronyms so that people can understand what we do without me speaking for hours about it. But in short, our agentless system looks at the current resting risk state of production environment without the need to deploy agents, you know, as we talked about last time.And then the XDR piece, that's the thing that you get to justify the extra money on once you go to your CTO or whoever your boss is and show them all that risk that you've uncovered with our agentless piece. It's something I've done in the past with technologies that were similar, but Uptycs is continuously improving, our anomaly detection is getting better, our threat intel team is getting better. I looked at our engineering team the other day. I think we have over 300 engineers or over 250 at least. That's a lot.Corey: It's always wild for folks who work in small shops to imagine what that number of engineers could possibly be working on. Then you go and look at some of the bigger shops and you talk to them and you hear about all the different ways their stuff is built and how they all integrate together and you come away, on some level, surprised that they're able to work with that few engineers. So, it feels like there's a different perspective on scale. And no one has it right, but it is easy, I think, in the layperson's mindset to hear that a company like Twitter, for example, before it got destroyed, had 5000 engineers. And, “What are they all doing?” And, “Well, I can see where that question comes from and the answer is complicated and nuanced, which means that no one is going to want to hear it if it doesn't fit into a tweet itself.” But once you get into the space, you start realizing that everything is way more complicated than it looks.Jack: It is. Yeah. You know, it's interesting that you mention that about Twitter. I used to work for a company called Interactive Corporation. And Interactive Corporation is an internet conglomerate that owns a lot of those things that are at the corners of the internet that not many people know about. And also, like, the entire online dating space. So, I mean, it was a blast working there, but at one point in my career, I got heavily involved in M&A. And I was given the nickname Jack the RIFer. RIF standing for Reduction In Force.Corey: Oof.Jack: So, Jack the RIFer was—yeah [laugh] I know, right?Corey: It's like Buzzsaw Ted. Like, when you bring in the CEO with the nickname of Buzzsaw in there, it's like, “Hmm, I wonder who's going to hire a lot of extra people?” Not so much.Jack: [laugh]. Right? It's like, hey, they said they were sending, “Jack out to hang out with us,” you know, in whatever country we're based out of. And I go out there and I would drink them under the table. And I'd find out the dirty secrets, you know.We would be buying these companies because they would need optimized. But it would be amazing to me to see some of these companies that were massive and they produced what I thought was so little, and then to go on to analyze everybody's job and see that they were also intimately necessary.Corey: Yeah. And the question then becomes, if you were to redesign what that company did from scratch. Which again, is sort of an architectural canard; it was the easiest thing in the world to do is to design an architecture from scratch on a whiteboard with almost an arbitrary number of constraints. The problem is that most companies grow organically and in order to get to that idealized architecture, you've got to turn everything off and rebuild it from scratch. The problem is getting to something that's better without taking 18 months of downtime while you rebuild everything. Most companies cannot and will not sustain that.Jack: Right. And there's another way of looking at it, too, which is something that's been kind of a thought experiment for me for a long time. One of the companies that I worked with back at IC was Ask Jeeves. Remember Ask Jeeves?Corey: Oh, yes. That was sort of the closest thing we had at the time to natural language search.Jack: Right. That was the whole selling point. But I don't believe we actually did any natural language processing back then [laugh]. So, back in those days, it was just a search index. And if you wanted to redefine search right now and you wanted to find something that was like truly a great search engine, what would you do differently?If you look at the space right now with ChatGPT and with Google, and there's all this talk about, well, ChatGPT is the next Google killer. And then people, like, “Well, Google has Lambda.” What are they worried about ChatGPT for? And then you've got the folks at Google who are saying, “ChatGPT is going to destroy us,” and the folks in Google who are saying, “ChatGPT's got nothing on us.” So, if I had to go and do it all over from scratch for search, it wouldn't have anything to do with ChatGPT. I would go back and make a directed, cyclical graph and I would use node weight assignments based on outbound links. Which is exactly what Google was with the original PageRank algorithm, right [laugh]?Corey: I've heard this described as almost a vector database in various terms depending upon what it is that—how it is you're structuring this and what it looks like. It's beyond my ken personally, but I do see that there's an awful lot of hype around ChatGPT these days, and I am finding myself getting professionally—how do I put it—annoyed by most of it. I think that's probably the best way to frame it.Jack: Isn't it annoying?Corey: It is because it's—people ask, “Oh, are you worried that it's going to take over what you do?” And my answer is, “No. I'm worried it's going to make my job harder more than anything else.” Because back when I was a terrible student, great, write an essay on this thing, or write a paper on this. It needs to be five pages long.And I would write what I thought was a decent coverage of it and it turned out to be a page-and-a-half. And oh, great. What I need now is a whole bunch of filler fluff that winds up taking up space and word count but doesn't actually get us to anywhere—Jack: [laugh].Corey: —that is meaningful or useful. And it feels like that is what GPT excels at. If I worked in corporate PR for a lot of these companies, I would worry because it takes an announcement that fits in a tweet—again, another reference to that ailing social network—and then it turns it into an arbitrary length number of pages. And it's frustrating for me just because that's a lot more nonsense I have to sift through in order to get the actual, viable answer to whatever it is I'm going for here.Jack: Well, look at that viable answer. That's a really interesting point you're making. That fluff, right, when you're writing that essay. Yeah, that one-and-a-half pages out. That's gold. That one-and-a-half pages, that's the shit. That's the stuff you want, right? That's the good shit [laugh]. Excuse my French. But ChatGPT is what's going to give you that filler, right? The GPT-3 dataset, I believe, was [laugh] I think it was—there's a lot of Reddit question-and-answers that were used to train it. And it was trained, I believe—the data that it was trained with ceased to be recent in 2021, right? It's already over a year old. So, if your teacher asked you to write a very contemporary essay, ChatGPT might not be able to help you out much. But I don't think that that kind of gets the whole thing because you just said filler, right? You can get it to write that extra three-and-a-half pages from that five pages you're required to write. Well, hey, teachers shouldn't be demanding that you write five pages anyways. I once heard, a friend of mine arguing about one presidential candidate saying, “This presidential candidate speaks at a third-grade level.” And the other person said, “Well, your presidential candidate speaks at a fourth-grade level.” And I said, “I wish I could convey presidential ideas at a level that a third or a fourth grader could understand” You know? Right?Corey: On some level, it's actually not a terrible thing because if you can only convey a concept at an extremely advanced reading level, then how well do you understand—it felt for a long time like that was the problem with AI itself and machine-learning and the rest. The only value I saw was when certain large companies would trot out someone who was themselves deep into the space and their first language was obviously math and they spoke with a heavy math accent through everything that they had to say. And at the end of it, I didn't feel like I understood what they were talking about any better than I had at the start. And in time, it took things like ChatGPT to say, “Oh, this is awesome.” People made fun of the Hot Dog/Not A Hot Dog App, but that made it understandable and accessible to people. And I really think that step is not given nearly enough credit.Jack: Yeah. That's a good point. And it's funny, you mentioned that because I started off talking about search and redefining search, and I think I use the word digraph for—you know, directed gra—that's like a stupid math concept; nobody understands what that is. I learned that in discrete mathematics a million years ago in college, right? I mean, I'm one of the few people that remembers it because I worked in search for so long.Corey: Is that the same thing is a directed acyclic graph, or am I thinking of something else?Jack: Ah you're—that's, you know, close. A directed acyclic graph has no cycles. So, that means you'll never go around in a loop. But of course, if you're just mapping links from one website to another website, A can link from B, which can then link back to A, so that creates a cycle, right? So, an acyclic graph is something that doesn't have that cycle capability in it.Corey: Got it. Yeah. Obviously, my higher math is somewhat limited. It turns out that cloud economics doesn't generally tend to go too far past basic arithmetic. But don't tell them. That's the secret of cloud economics.Jack: I think that's most everything, I mean, even in search nowadays. People aren't familiar with graph theory. I'll tell you what people are familiar with. They're familiar with Google. And they're familiar with going to Google and Googling for something, and when you Google for something, you typically want results that are recent.And if you're going to write an essay, you typically don't care because only the best teachers out there who might not be tricked by ChatGPT—honestly, they probably would be, but the best teachers are the ones that are going to be writing the syllabi that require the recency. Almost nobody's going to be writing syllabi that requires essay recency. They're going to reuse the same syllabus they've been using for ten years.Corey: And even that is an interesting question there because if we talk about the results people want from search, you're right, I have to imagine the majority of cases absolutely care about recency. But I can think of a tremendous number of counterexamples where I have been looking for things explicitly and I do not want recent results, sometimes explicitly. Other times because no, I'm looking for something that was talked about heavily in the 1960s and not a lot since. I don't want to basically turn up a bunch of SEO garbage that trawled it from who knows where. I want to turn up some of the stuff that was digitized and then put forward. And that can be a deceptively challenging problem in its own right.Jack: Well, if you're looking for stuff has been digitized, you could use archive.org or one of the web archive projects. But if you look into the web archive community, you will notice that they're very secretive about their data set. I think one of the best archive internet search indices that I know of is in Portugal. It's a Portuguese project.I can't recall the name of it. But yeah, there's a Portuguese project that is probably like the axiomatic standard or like the ultimate prototype of how internet archiving should be done. Search nowadays, though, when you say things like, “I want explicitly to get this result,” search does not want to show you explicitly what you want. Search wants to show you whatever is going to generate them the most advertising revenue. And I remember back in the early search engine marketing days, back in the algorithmic trading days of search engine marketing keywords, you could spend $4 on an ad for flowers and if you typed the word flowers into Google, you just—I mean, it was just ad city.You typed the word rehabilitation clinic into Google, advertisements everywhere, right? And then you could type certain other things into Google and you would receive a curated list. These things are obvious things that are identified as flaws in the secrecy of the PageRank algorithm, but I always thought it was interesting because ChatGPT takes care of a lot of the stuff that you don't want to be recent, right? It provides this whole other end to this idea that we've been trained not to use search for, right?So, I was reviewing a contract the other day. I had this virtual assistant and English is not her first language. And she and I red-lined this contract for four hours. It was brutal because I kept on having to Google—for lack of a better word—I had to Google all these different terms to try and make sense of it. Two days later, I'm playing around with ChatGPT and I start typing some very abstract commands to it and I swear to you, it generated that same contract I was red-lining. Verbatim. I was able to get into generating multiple [laugh] clauses in the contract. And by changing the wording in ChatGPT to save, “Create it, you know, more plaintiff-friendly,” [laugh] that contract all of a sudden, was red-lined in a way that I wanted it to be [laugh].Corey: This is a fascinating example of this because I'm married to a corporate attorney who does this for a living, and talking to her and other folks in her orbit, the problem they have with it is that it works to a point, on a limited basis, but it then veers very quickly into terms that are nonsensical, terms that would absolutely not pass muster, but sound like something a lawyer would write. And realistically, it feels like what we've built is basically the distillation of a loud, overconfident white guy in tech because—Jack: Yes.Corey: —they don't know exactly what they're talking about, but by God is it confident when it says it.Jack: [laugh]. Yes. You hit the nail on that. Ah, thank you. Thank you.Corey: And there's as an easy way to prove this is pick any topic in the world in which you are either an expert or damn close to it or know more than the average bear about and ask ChatGPT to explain that to you. And then notice all the things that glosses over or what it gets subtly wrong or is outright wrong about, but it doesn't ever call that out. It just says it with the same confident air of a failing interview candidate who gets nine out of ten questions absolutely right, but the one they don't know they bluff on, and at that point, you realize you can't trust them because you never know if they're bluffing or they genuinely know the answer.Jack: Wow, that is a great analogy. I love that. You know, I mentioned earlier that the—I believe the part of the big portion of the GPT-3 training data was based on Reddit questions and answers. And now you can't categorize Reddit into a single community, of course; that would be just as bad as the way Reddit categories [laugh] our community, but Reddit did have a problem a wh—I remember, there was the Ellen Pao debacle for Reddit. And I don't know if it was so much of a debacle if it was more of a scapegoat situation, but—Corey: I'm very much left with a sense that it's the scapegoat. But still, continue.Jack: Yeah, we're adults. We know what happened here, right? Ellen Pao is somebody who is going through some very difficult times in her career. She's hired to be a martyr. They had a community called fatpeoplehate, right?I mean, like, Reddit had become a bizarre place. I used Reddit when I was younger and it didn't have subreddits. It was mostly about programming. It was more like Hacker News. And then I remember all these people went to Hacker News, and a bunch of them stayed at Reddit and there was this weird limbo of, like, the super pretentious people over at Hacker News.And then Reddit started to just get weirder and weirder. And then you just described ChatGPT in a way that just struck me as so Reddit, you know? It's like some guy mansplaining some answer. It starts off good and then it's overconfidently continues to state nonsensical things.Corey: Oh yeah, I was a moderator of the legal advice and personal finance subreddits for years, and—Jack: No way. Were you really?Corey: Oh, absolutely. Those corners were relatively reasonable. And like, “Well, wait a minute, you're not a lawyer. You're correct and I'm also not a financial advisor.” However, in both of those scenarios, what people were really asking for was, “How do I be a functional adult in society?”In high school curricula in the United States, we insist that people go through four years of English literature class, but we don't ever sit down and tell them how to file their taxes or how to navigate large transactions that are going to be the sort of thing that you encounter in adulthood: buying a car, signing a lease. And it's more or less yeah, at some point, you wind up seeing someone with a circumstance that yeah, talk to a lawyer. Don't take advice on the internet for this. But other times, it's no, “You cannot sue a dog. You have to learn to interact with people as a grown-up. Here's how to approach that.” And that manifests as legal questions or finance questions, but it all comes down to I have been left on prepared for the world I live in by the school system. How do I wind up addressing these things? And that is what I really enjoyed.Jack: That's just prolifically, prolifically sound. I'm almost speechless. You're a hundred percent correct. I remember those two subreddits. It always amazes me when I talk to my friends about finances.I'm not a financial person. I mean, I'm an investor, right, I'm a private equity investor. And I was on a call with a young CEO that I've been advising for while. He runs a security awareness training company, and he's like, you know, you've made 39% off of your investment three months. And I said, “I haven't made anything off of my investment.”I bought a safe and, you know—it's like, this is conversion equity. And I'm sitting here thinking, like, I don't know any of the stuff. And I'm like, I talk to my buddies in the—you know, that are financial planners and I ask them about finances, and it's—that's also interesting to me because financial planning is really just about when are you going to buy a car? When are you going to buy a house? When are you going to retire? And what are the things, the securities, the companies, what should you do with your money rather than store it under your mattress?And I didn't really think about money being stored under a mattress until the first time I went to Eastern Europe where I am now. I'm in Hungary right now. And first time I went to Eastern Europe, I think I was in Belgrade in Serbia. And my uncle at the time, he was talking about how he kept all of his money in cash in a bank account. In Serbian Dinar.And Serbian Dinar had already gone through hyperinflation, like, ten years prior. Or no, it went through hyperinflation in 1996. So, it was not—it hadn't been that long [laugh]. And he was asking me for financial advice. And here I am, I'm like, you know, in my early-20s.And I'm like, I don't know what you should do with your money, but don't put it under your mattress. And that's the kind of data that Reddit—that ChatGPT seems to have been trained on, this GPT-3 data, it seems like a lot of [laugh] Redditors, specifically Redditors sub-2001. I haven't used Reddit very much in the last half a decade or so.Corey: Yeah, I mean, I still use it in a variety of different ways, but I got out of both of those cases, primarily due to both time constraints, as well as my circumstances changed to a point where the things I spent my time thinking about in a personal finance sense, no longer applied to an awful lot of folk because the common wisdom is aimed at folks who are generally on a something that resembles a recurring salary where they can calculate in a certain percentage raises, in most cases, for the rest of their life, plan for other things. But when I started the company, a lot of the financial best practices changed significantly. And what makes sense for me to do becomes actively harmful for folks who are not in similar situations. And I just became further and further attenuated from the way that you generally want to give common case advice. So, it wasn't particularly useful at that point anymore.Jack: Very. Yeah, that's very well put. I went through a similar thing. I watched Reddit quite a bit through the Ellen Pao thing because I thought it was a very interesting lesson in business and in social engineering in general, right? And we saw this huge community, this huge community of people, and some of these people were ridiculously toxic.And you saw a lot of groupthink, you saw a lot of manipulation. There was a lot of heavy-handed moderation, there was a lot of too-late moderation. And then Ellen Pao comes in and I'm, like, who the heck is Ellen Pao? Oh, Ellen Pao is this person who has some corporate scandal going on. Oh, Ellen Pao is a scapegoat.And here we are, watching a community being socially engineered, right, into hating the CEO who's just going to be let go or step down anyways. And now they ha—their conversations have been used to train intelligence, which is being used to socially engineer people [laugh] into [crosstalk 00:22:13].Corey: I mean you just listed something else that's been top-of-mind for me lately, where it is time once again here at The Duckbill Group for us to go through our annual security awareness training. And our previous vendor has not been terrific, so I start looking to see what else is available in that space. And I see that the world basically divides into two factions when it comes to this. The first is something that is designed to check the compliance boxes at big companies. And some of the advice that those things give is actively harmful as in, when I've used things like that in the past, I would have an addenda that I would send out to the team. “Yeah, ignore this part and this part and this part because it does not work for us.”And there are other things that start trying to surface it all the time as it becomes a constant awareness thing, which makes sense, but it also doesn't necessarily check any contractual boxes. So it's, isn't there something in between that makes sense? I found one company that offered a Slackbot that did this, which sounded interesting. The problem is it was the most condescendingly rude and infuriatingly slow experience that I've had. It demanded itself a whole bunch of permissions to the Slack workspace just to try it out, so I had to spin up a false Slack workspace for testing just to see what happens, and it was, start to finish, the sort of thing that I would not inflict upon my team. So, the hell with it and I moved over to other stuff now. And I'm still looking, but it's the sort of thing where I almost feel like, this is something ChatGPT could have built and cool, give me something that sounds confident, but it's often wrong. Go.Jack: [laugh]. Yeah, Uptycs actually is—we have something called a Otto M8—spelled O-T-T-O space M and then the number eight—and I personally think that's the cutest name ever for Slackbot. I don't have a picture of him to show you, but I would personally give him a bit of a makeover. He's a little nerdy for my likes. But he's got—it's one of those Slackbots.And I'm a huge compliance geek. I was a CISO for over a decade and I know exactly what you mean with that security awareness training and ticking those boxes because I was the guy who wrote the boxes that needed to be ticked because I wrote those control frameworks. And I'm not a CISO anymore because I've already subjected myself to an absolute living hell for long enough, at least for now [laugh]. So, I quit the CISO world.Corey: Oh yeah.Jack: Yeah.Corey: And so, much of it also assumes certain things like I've had people reach out to me trying to shill whatever it is they've built in this space. And okay, great. The problem is that they've built something that is aligned at engineers and developers. Go, here you go. And that's awesome, but we are really an engineering-first company.Yes, most people here have an engineering background and we build some internal tooling, but we don't need an entire curriculum on how to secure the tools that we're building as web interfaces and public-facing SaaS because that's not what we do. Not to mention, what am I supposed to do with the accountants in the sales folks and the marketing staff that wind up working on a lot of these things that need to also go through training? Do I want to sit here and teach them about SQL injection attacks? No, Jack. I do not want to teach them that.Jack: No you don't.Corey: I want them to not plug random USB things into the work laptop and to use a password manager. I'm not here trying to turn them into security engineers.Jack: I used to give a presentation and I onboarded every single employee personally for security. And in the presentation, I would talk about password security. And I would have all these complex passwords up. But, like, “You know what? Let me just show you what a hacker does.”And I'd go and load up dhash and I'd type in my old email address. And oh, there's my password, right? And then I would—I copied the cryptographic hash from dhash and I'd paste that into Google. And I'd be like, “And that's how you crack passwords.” Is you Google the cryptographic hash, the insecure cryptographic hash and hope somebody else has already cracked it.But yeah, it's interesting. The security awareness training is absolutely something that's supposed to be guided for the very fundamental everyman employee. It should not be something entirely technical. I worked at a company where—and I love this, by the way; this is one of the best things I've ever read on Slack—and it was not a message that I was privy to. I had to have the IT team pull the Slack logs so that I could read these direct communications. But it was from one—I think it was the controller to the Vice President of accounting, and the VP of accounting says how could I have done this after all of those phishing emails that Jack sent [laugh]?Corey: Oh God, the phishing emails drives me up a wall, too. It's you're basically training your staff not to trust you and waste their time and playing gotcha. It really creates an adversarial culture. I refuse to do that stuff, too.Jack: My phishing emails are fun, all right? I did one where I pretended that I installed a camera in the break room refrigerator, and I said, we've had a problem with food theft out of the Oakland refrigerator and so I've we've installed this webcam. Log into the sketchy website with your username and password. And I got, like, a 14% phish rate. I've used this campaign at multinational companies.I used to travel around the world and I'd grab a mic at the offices that wanted me to speak there and I'd put the mic real close to my head and I say, “Why did you guys click on the link to the Oakland refrigerator?” [laugh]. I said, “You're in Stockholm for God's sake.” Like, it works. Phishing campaigns work.They just don't work if they're dumb, honestly. There's a lot of things that do work in the security awareness space. One of the biggest problems with security awareness is that people seem to think that there's some minimum amount of time an employee should have to spend on security awareness training, which is just—Corey: Right. Like, for example, here in California, we're required to spend two hours on harassment training every so often—I think it's every two years—and—Jack: Every two years. Yes.Corey: —at least for managerial staff. And it's great, but that leads to things such as, “Oh, we're not going to give you a transcript if you can read the video more effectively. You have to listen to it and make sure it takes enough time.” And it's maddening to me just because that is how the law is written. And yes, it's important to obey the law, don't get me wrong, but at the same time, it just feels like it's an intentional time suck.Jack: It is. It is an intentional time suck. I think what happens is a lot of people find ways to game the system. Look, when I did security awareness training, my controls, the way I worded them, didn't require people to take any training whatsoever. The phishing emails themselves satisfied it completely.I worded that into my control framework. I still held the trainings, they still made people take them seriously. And then if we have a—you know, if somebody got phished horrifically, and let's say wired $2 million to Hong Kong—you know who I'm talking about, all right, person who might is probably not listening to this, thankfully—but [laugh] she did. And I know she didn't complete my awareness training. I know she never took any of it.She also wired $2 million to Hong Kong. Well, we never got that money back. But we sure did spend a lot of executive time trying to. I spent a lot of time on the phone, getting passed around from department to department at the FBI. Obviously, the FBI couldn't help us.It was wired from Mexico to Hong Kong. Like the FBI doesn't have anything to do with it. You know, bless them for taking their time to humor me because I needed to humor my CEO. But, you know, I use those awareness training things as a way to enforce the Code of Conduct. The Code of Conduct requiring disciplinary action for people who didn't follow the security awareness training.If you had taken the 15 minutes of awareness training that I had asked people to do—I mean, I told them to do it; it was the Code of Conduct; they had to—then there would be no disciplinary action for accidentally wiring that money. But people are pretty darn diligent on not doing things like that. It's just a select few that seems to be the ones that get repeatedly—Corey: And then you have the group conversations. One person screws something up and then you wind up with the emails to everyone. And then you have the people who are basically doing the right thing thinking they're being singled out. And—ugh, management is hard, people is hard, but it feels like a lot of these things could be a lot less hard.Jack: You know, I don't think management is hard. I think management is about empathy. And management is really about just positive reinforce—you know what management is? This is going to sound real pretentious. Management's kind of like raising a kid, you know? You want to have a really well-adjusted kid? Every time that kid says, “Hey, Dad,” answer. [crosstalk 00:30:28]—Corey: Yeah, that's a good—that's a good approach.Jack: I mean, just be there. Be clear, consistent, let them know what to expect. People loved my security program at the places that I've implemented it because it was very clear, it was concise, it was easy to understand, and I was very approachable. If anybody had a security concern and they came to me about it, they would [laugh] not get any shame. They certainly wouldn't get ignored.I don't care if they were reporting the same email I had had reported to me 50 times that day. I would personally thank them. And, you know what I learned? I learned that from raising a kid, you know? It was interesting because it was like, the kid I was raising, when he would ask me a question, I would give him the same answer every time in the same tone. He'd be like, “Hey, Jack, can I have a piece of candy?” Like, “No, your mom says you can't have any candy today.” They'd be like, “Oh, okay.” “Can I have a piece of candy?” And I would be like, “No, your mom says you can't have any candy today.” “Can I have a piece of candy, Jack?” I said, “No. Your mom says he can't have any candy.” And I'd just be like a broken record.And he immediately wouldn't ask me for a piece of candy six different times. And I realized the reason why he was asking me for a piece of candy six different times is because he would get a different response the sixth time or the third time or the second time. It was the inconsistency. Providing consistency and predictability in the workforce is key to management and it's key to keeping things safe and secure.Corey: I think there's a lot of truth to that. I really want to thank you for taking so much time out of your day to talk to me about think topics ranging from GPT and ethics to parenting. If people want to learn more, where's the best place to find you?Jack: I'm jack@jackroehrig.com, and I'm also jroehrig@uptycs.com. My last name is spelled—heh, no, I'm kidding. It's a J-A-C-K-R-O-E-H-R-I-G dot com. So yeah, hit me up. You will get a response from me.Corey: Excellent. And I will of course include links to that in the show notes. Thank you so much for your time. I appreciate it.Jack: Likewise.Corey: This promoted guest episode has been brought to us by our friends at Uptycs, featuring Jack Roehrig, Technology Evangelist at same. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment ghostwritten for you by ChatGPT so it has absolutely no content worth reading.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

In a special Wednesday episode, Don Colliver joins us to discuss how to be successful making technical presentations. He is an Enterprise Communications Consultant and Technology Evangelist and the author of "Wink: Transforming Public Speaking With Clown Presence" available in paperback, eBook, hardcover, and audiobook through Amazon and all major retailers. He empowers leaders and enterprise organizations to connect more effectively through their messaging with new-school authenticity, spontaneous fun, and transformative results. For more information, check out: https://www.winktechtalks.com https://www.doncolliver.com/engage --- Send in a voice message: https://podcasters.spotify.com/pod/show/virtual-ciso-moment/message

Scott Francis, Technology Evangelist from PFU America, discusses the recent branding change between Fujitsu and Ricoh. PFU's document scanners had previously been offered under the Fujitsu brand name. However, Ricoh bought a majority stake in PFU last fall. As such, beginning in April, PFU America, Inc.'s scanners will now be offered under the Ricoh brand name. Host, Kevin Craine

Does community matter? Hell yeah! This week, Femke Cornelissen joins us to chat about the importance of community to her journey to becoming a Technology Evangelist at Wortell in the Netherlands. We chat about her jump from marketing to SharePoint Consultant and how chatting at Ignite helped her realise the power of community.Want to get more involved in the community? Check out these great events already booked in for this year that we are involved in.8 March - Microsoft Ability Summit 2023 - Home (eventcore.com) 13 April - Community day event Netherlands - link coming soon22-24 May - Collab Summit - European Collaboration Summit (collabsummit.eu) 2-4 May – M365 Conference - https://m365conf.com/   13 June - Community Days | Viva Explorers Belgium 15 June - aMS Berlin - 15.06.2023: Call for Speakers @ Sessionize.com Experts Live 25 May  - Experts Live - Netherlands18-20 September Experts Live - Prague20-22 June - EPPC - European SharePoint, Office 365 & Azure Conference (sharepointeurope.com) 21-22 June - Commsverse - The Microsoft Teams Conference 2023 5 Aug - Scottish Summit - Microsoft Cloud community Event 18-20 September -  Location | Experts Live EU 27th September 2023 - CollabDays Bletchley Park 2023 | Collabdays 13-14 Oct - South Coast Summit - South Coast Summit – A Microsoft Cloud Technology Conference 15-16 November - Microsoft Ignite - Home - Microsoft Ignite Information Home Page 27-30 Nov - ESPC- European SharePoint, Office 365 & Azure Conference (sharepointeurope.com) Photo by William White on Unsplash

Cyber Security is big business. In fact, it's estimated to be worth $160 billion. But that's likely to be peanuts compared to the value of cyber crime, which is estimated to cost the global economy $600 billion in 2022 - nearly 1% of the global economy. And just one corner of that - ransomware - costs the same in damage and paid-out fees as the entire cyber security industry: $160 billion. In fact, if ransomware was a country, its GDP would be higher than Morocco or Kuwait. In this episode, we'll be examining the rise of ransomware, where the risk lies in modern-day attacks, who is behind them, and what we can do about it.For Hewlett Packard Enterprise Senior Vice President and Global Chief Security Officer Bobby Ford, defeating ransomware is a constant and growing battle because its a straightforward payout for criminal gangs - there is no need to try and sell stolen data on the dark web or to foreign governments, you simply sell the victim back their access. He argues that the key to protecting ourselves is twofold. Firstly, use two-factor authentication wherever possible to guard against human weak-points such as opening infected emails. Secondly, be prepared to defend yourself. Be aware of the threats and where they are coming from, and mitigate them where you can, so long as it doesn't affect the running of your organisation. Beyond that, have a plan in place for being attacked, be that data recovery or, unfortunately, paying up. Chris Rogers is a Technologist at cyber security firm Zerto. He agrees that ransomware can be hard to avoid because humans are an inherent weakpoint, and ransomware attacks often come through human social engineering rather than password cracking. He points out that even momentary downtime can cause millions of dollars in damages. He agrees with Bobby that robust, quickly spooled up backups are an essential part of doing business. Unfortunately, that's easier said than done: Backups can sometimes be limited access, which is great for security but leaves organisations vulnerable if the key holder isn't immediately available. Beyond that, backups have to maintained incredibly regularly, as even a day's lost work for a large organisation can be a major blow. On the other hand, any back-up is better than no preparation at all. But how are cyber security threats like ransomware being treated at the very top of the tree? When it comes to cyber security, it doesn't get much more high value or (hopefully) secure than financial institutions. George Webster is chief Security Architect for HSBC. His office is tasked with quickly assessing threats, in particular APTs or Advanced Persistent Threats, and providing tools to counter them. He argues that the primary risk increase of the last couple of years has been people working from home, in situations where there are distractions and their security awareness may not be as strong as it was in the office. He also argues that on a wider level, it's not just staff who become more vulnerable as they are spread out: As ransomware becomes an increasing problem internationally, no organisation is safe anywhere in the world and being aware of the risk is key to countering it without shutting yourself off from the outside.The long show notes for this episode can be found here: https://community.hpe.com/t5/hpe-blog-uk-ireland-middle-east/ransomware-should-we-be-worried/ba-p/7183709#.Y_3FpHbP1PY 

About JackJack is Uptycs' outspoken technology evangelist. Jack is a lifelong information security executive with over 25 years of professional experience. He started his career managing security and operations at the world's first Internet data privacy company. He has since led unified Security and DevOps organizations as Global CSO for large conglomerates. This role involved individually servicing dozens of industry-diverse, mid-market portfolio companies.Jack's breadth of experience has given him a unique insight into leadership and mentorship. Most importantly, it fostered professional creativity, which he believes is direly needed in the security industry. Jack focuses his extra time mentoring, advising, and investing. He is an active leader in the ISLF, a partner in the SVCI, and an outspoken privacy activist. Links Referenced: UptycsSecretMenu.com: https://www.uptycssecretmenu.com Jack's email: jroehrig@uptycs.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: If you asked me to rank which cloud provider has the best developer experience, I'd be hard-pressed to choose a platform that isn't Google Cloud. Their developer experience is unparalleled and, in the early stages of building something great, that translates directly into velocity. Try it yourself with the Google for Startups Cloud Program over at cloud.google.com/startup. It'll give you up to $100k a year for each of the first two years in Google Cloud credits for companies that range from bootstrapped all the way on up to Series A. Go build something, and then tell me about it. My thanks to Google Cloud for sponsoring this ridiculous podcast.Corey: This episode is brought to us by our friends at Pinecone. They believe that all anyone really wants is to be understood, and that includes your users. AI models combined with the Pinecone vector database let your applications understand and act on what your users want… without making them spell it out. Make your search application find results by meaning instead of just keywords, your personalization system make picks based on relevance instead of just tags, and your security applications match threats by resemblance instead of just regular expressions. Pinecone provides the cloud infrastructure that makes this easy, fast, and scalable. Thanks to my friends at Pinecone for sponsoring this episode. Visit Pinecone.io to understand more.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted guest episode is brought to us by our friends at Uptycs. And they have sent me their Technology Evangelist, Jack Charles Roehrig. Jack, thanks for joining me.Jack: Absolutely. Happy to spread the good news.Corey: So, I have to start. When you call yourself a technology evangelist, I feel—just based upon my own position in this ecosystem—the need to ask, I guess, the obvious question of, do you actually work there, or have you done what I do with AWS and basically inflicted yourself upon a company. Like, well, “I speak for you now.” The running gag that becomes more true every year is that I'm AWS's chief marketing officer.Jack: So, that is a great question. I take it seriously. When I say technology evangelist, you're speaking to Jack Roehrig. I'm a weird guy. So, I quit my job as CISO. I left a CISO career. For, like, ten years, I was a CISO. Before that, 17 years doing stuff. Started my own thing, secondaries, investments, whatever.Elias Terman, he hits me up and he says, “Hey, do you want this job?” It was an executive job, and I said, “I'm not working for anybody.” And he says, “What about a technology evangelist?” And I was like, “That's weird.” “Check out the software.”So, I'm going to check out the software. I went online, I looked at it. I had been very passionate about the space, and I was like, “How does this company exist in doing this?” So, I called him right back up, and I said, “I think I am.” He said, “You think you are?” I said, “Yeah, I think I'm your evangelist. Like, I think I have to do this.” I mean, it really was like that.Corey: Yeah. It's like, “Well, we have an interview process and the rest.” You're like, “Yeah, I have a goldfish. Now that we're done talking about stuff that doesn't matter, I'll start Monday.” Yeah, I like the approach.Jack: Yeah. It was more like I had found my calling. It was bizarre. I negotiated a contract with him that said, “Look, I can't just work for Uptycs and be your evangelist. That doesn't make any sense.” So, I advise companies, I'm part of the SVCI, I do secondaries, investment, I mentor, I'm a steering committee member of the ISLF. We mentor security leaders.And I said, “I'm going to continue doing all of these things because you don't want an evangelist who's just an Uptycs evangelist.” I have to know the space. I have to have my ear to the ground. And I said, “And here's the other thing, Elias. I will only be your evangelist while I'm your evangelist. I can't be your evangelist when I lose passion. I don't think I'm going to.”Corey: The way I see it, authenticity matters in this space. You can sell out exactly once, so make it count because you're never going to be trusted again to do it a second time. It keeps people honest, at least the ones you actually want to be doing work with. So, you've been in the space a long time, 20 years give or take, and you've seen an awful lot. So, I'm curious, given that I tend to see about, you know, six or seven different companies in the RSA Sponsor Hall every year selling things because you know, sure hundreds of booths, bunch of different marketing logos and products, but it all distills down to the same five or six things.What did you see about Uptycs that made you say, “This is different?” Because to be very direct, looking at the website, it's, “Oh, what do you sell?” “Acronyms. A whole bunch of acronyms that, because I don't eat, sleep, and breathe security for a living, I don't know what most of them mean, but I'm sure they're very impressive and important.” What does it actually do, for those of us who are practitioners, but not swimming in the security vendor stream?Jack: So, I've been obsessed with this space and I've seen the acronyms change over and over and over again. I'm always the first one to say, “What does that mean?” As the senior guy in the room a lot of time. So, acronyms. What does Uptycs do? What drew me into them? They did HIDS, Host Intrusion Detection System. I don't know if you remember that. Turned into—Corey: Oh, yeah. OSSEC was the one I always wound up using, the open-source version. OSSEC [kids 00:04:10]. It's like, oh, instead of paying a vendor, you can contribute it yourself because your time is free, right? Free as in puppy, or these days free as in tier when it comes to cloud.Jack: Oh, I like that. So, yeah, I became obsessed with this HIDS stuff. I think it was evident I was doing it, that it was threat [unintelligible 00:04:27]. And these companies, great companies. I started this new job in an education technology company and I needed a lot of work, so I started to play around with more sophisticated HIDS systems, and I fell in love with it. I absolutely fell in love with it.But there are all these limitations. I couldn't find this company that would build it right. And Uptycs has this reputation as being not very sexy, you know? People telling me, “Uptycs? You're going to Uptycs?” Yeah—I'm like, “Yeah. They're doing really cool stuff.”So, Uptycs has, like, this brand name and I had referred Uptycs before without even knowing what it was. So, here I am, like, one of the biggest XDR, I hope to say, activists in the industry, and I didn't know about Uptycs. I felt humiliated. When I heard about what they were doing, I felt like I wasted my career.Corey: Well, that's a strong statement. Let's begin with XDR. To my understanding, that some form of audio cable standard that I use to plug into my microphone. Some would say it, “X-L-R.” I would say sounds like the same thing. What is XDR?Jack: What is it, right? So, [audio break 00:05:27] implement it, but you install an agent, typically on a system, and that agent collects data on the system: what processes are running, right? Well, maybe it's system calls, maybe it's [unintelligible 00:05:37] as regular system calls. Some of them use the extended Berkeley Packet Filter daemon to get stuff, but one of the problems is that we are obtaining low-level data on an operating system, it's got to be highly specific. So, you collect all this data, who's logging in, which passwords are changing, all the stuff that a hacker would do as you're typing on the computer. You're maybe monitoring vulnerabilities, it's a ton of data that you're monitoring.Well, one of the problems that these companies face is they try to monitor too much. Then some came around and they tried to monitor too little, so they weren't as real-time.Corey: Sounds like a little pig story here.Jack: Yeah [laugh], exactly. Another company came along with a fantastic team, but you know, I think they came in a little late in the game, and it looks like they're folding now. They were wonderful company, but the one of the biggest problems I saw was the agent, the compatibility. You know, it was difficult to deploy. I ran DevOps and security and my DevOps team uninstalled the agent because they thought there was a problem with it, we proved there wasn't and four months later, they hadn't completely reinstall it.So, a CISO who manages the DevOps org couldn't get his own DevOps guy to install this agent. For good reason, right? So, this is kind of where I'm going with all of this XDR stuff. What is XDR? It's an agent on a machine that produces a ton of data.I—it's like omniscience. Yes, I started to turn it in, I would ping developers, I was like, “Why did you just run sudo on that machine?” Right. I mean, I knew everything was going on in the space, I had a good intro to all the assets, they technically run on the on-premise data center and the quote-unquote, “Cloud.” I like to just say the production estate. But it's omniscience. It's insights, you can create rules, it's one of the most powerful security tools that exists.Corey: I think there's a definite gap as far as—let's narrow this down to cloud for just a second before we expand this into the joy that has data centers—where you can instrument a whole bunch of different security services in any cloud provider—I'm going to pick on AWS because they're the 800-pound gorilla in the room, and frankly, they could use taking down a peg or two by and large—and you wind up configuring all the different security services that in some cases seem totally unaware of each other, but that's the AWS product portfolio for you. And you do the math out and realize that it theoretically would cost you—to enable all these things—about three times as much as the actual data breach you're ideally trying to prevent against. So, on some level, it feels like, “Heads, I win; tails, you lose,” style scenario.And the answer that people have started reaching out to third-party vendors to wind up tying all of this together into some form of cohesive narrative that a human being has a hope in hell of understanding. But everything I've tried to this point still feels like it is relatively siloed, focused on the whole fear, uncertainty, and doubt that is so inherent to so much of the security world's marketing. And it's almost like cost control where you can spend almost limitless amount of time, energy, money, et cetera, trying to fix these things, but it doesn't advance your company to the next milestone. It's like buying fire insurance on your building. You can spend all the money on fire insurance. Great, it doesn't get you to the next milestone that propels your company forward. It's all reactive instead of proactive. So, it feels like it is never the exciting, number-one priority for companies until right after it should have been higher in the list than it was.Jack: So, when I worked at Turnitin, we had saturated the market. And we worked in education, technology space globally. Compliance everywhere. So, I just worked on the Australian Data Infrastructure Act of 2020. I'm very familiar with the 27 data privacy regulations that are [laugh] in scope for schools. I'm a FERPA expert, right? I know that there's only one P in HIPAA [laugh].So, all of these compliance regulations drove schools and universities, consortiums, government agencies to say, “You need to be secure.” So, security at Turnitin was the number one—number one—key performance indicator of the company for one-and-a-half years. And these cloud security initiatives didn't just make things more secure. They also allowed me to implement a reasonable control framework to get various compliance certifications. So, I'm directly driving sales by deploying these security tools.And the reason why that worked out so great is, by getting the certifications and by building a sensible control framework layer, I was taking these compliance requirements and translating them into real mitigations of business risk. So, the customers are driving security as they should. I'm implementing sane security controls by acting as the chief security officer, company becomes more secure, I save money by using the correct toolset, and we increased our business by, like, 40% in a year. This is a multibillion-dollar company.Corey: That is definitely a story that resonates, especially with organizations that are—or they should be—compliance-forward and having to care about the nature of what it is that they're doing. But I have a somewhat storied history in working in FinTech and large-scale financial services. One of the nice things about that job, which is sort of a weird thing to say there if you don't want to get ejected from the room, has been, “Yeah well, it's only money,” in the final analysis. Because yeah, no one dies if you wind up screwing that up. People's kids don't get exposed.It's just okay, people have to fill out a bunch of forms and you get sued into oblivion and you're not there anymore because the first role of a CISO is to be ablative and get burned away whenever there's a problem. But it still doesn't feel like it does more for a number of clients than, on some level, checking a box that they feel needs to be checked. Not that it shouldn't be, necessarily, but I have a hard time finding people that get passionately excited about security capabilities. Where are they hiding?Jack: So, one of the biggest problems that you're going to face is there are a lot of security people that have moved up in the ranks through technology and not through compliance and technology. These people will implement control frameworks based on audit requirements that are not bespoke to their company. They're doing it wrong. So, we're not ticking boxes; I'm creating boxes that need to be ticked to secure the infrastructure. And at Turnitin, Turnitin was a company that people were forced to use to submit their works in the school.So, imagine that you have to submit a sensitive essay, right? And that sensitive essay goes to this large database. We have the Taiwanese government submitting confidential data there. I had the chief scientist at NASA submitting in pre-publication data there. We've got corporate trade secrets that are popped in there. We have all kinds of FDA pre-approval stuff. This is a plagiarism detection software being used by large companies, governments, and 12-year-old girls, right, who don't want their data leaked.So, if you look at it, like, this is an ethical thing that is required for us to do, our customers drive that, but truly, I think it's ethics that drive it. So, when we implemented a control framework, I didn't do the minimum, I didn't run an [unintelligible 00:12:15] scan that nobody ran. I looked for tools that satisfied many boxes. And one of the things about the telemetry at scale, [unintelligible 00:12:22], XDR, whatever want to call it, right? But the agent-based systems that monitor for all of us this run-state data, is they can take a lot of your technical SOC controls.Furthermore, you can use these tools to improve your processes like incident response, right? You can use them to log things. You can eliminate your SIEM by using this for your DLP. The problem of companies in the past is they wouldn't deploy on the entire infrastructure. So, you'd get one company, it would just be on-prem, or one company that would just run on CentOS.One of the reasons why I really liked this Uptycs company is because they built it on an osquery. Now, if you mention osquery, a lot of people glaze over, myself included before I worked at Uptycs. But apparently what it is, is it's this platform to collect a ton of data on the run state of a machine in real-time, pop it into a normalized SQL database, and it runs on a ton of stuff: Mac OS, Windows, like, tons of version of Linux because it's open-source, so people are porting it to their infrastructure. And that was one of these unique differentiators is, what is the cloud? I mean, AWS is a place where you can rapidly prototype, there's tons of automation, you can go in and you build something quickly and then it scales.But I view the cloud as just a simple abstraction to refer to all of my assets, be them POPS, on-premise data machines, you know, the corporate environment, laptops, desktops, the stuff that we buy in the public clouds, right? These things are all part of the greater cloud. So, when I think cloud security, I want something that does it all. That's very difficult because if you had one tool run on your cloud, one tool to run on your corporate environment, and one tool to run for your production environment, those tools are difficult to manage. And the data needs to be ETL, you know? It needs to be normalized. And that's very difficult to do.Our company is doing [unintelligible 00:14:07] security right now as a company that's taking all these data signals, and they're normalizing them, right, so that you can have one dashboard. That's a big trend in security right now. Because we're buying too many tools. So, I guess the answer that really is, I don't see the cloud is just AWS. I think AWS is not just data—they shouldn't call themselves the cloud. They call themselves the cloud with everything. You can come in, you can rapidly prototype your software, and you know what? You want to run to the largest scale possible? You can do that too. It's just the governance problem that we run into.Corey: Oh, yes. The AWS product strategy is pretty clearly, in a word, “Yes,” written on a Post-it note somewhere. That's the easiest job in the world is running their strategy. The challenge, too, is that we don't live in a world where monocultures are a thing anymore because regardless—if you use AWS for the underlying infrastructure, great, that makes a lot of sense. Use it for a lot of the higher-up the stack, SaaS-y type things that you don't want to have to build yourself from—by going to Home Depot and picking up components, you're doing something relatively foolish in most cases.They're a plumbing company not a porcelain company, in many respects. And regardless of what your intention is around multiple clouds, people wind up using different things. In most cases, you're going to be storing your source code in GitHub, not in AWS CodeCommit because CodeCommit doesn't really have any customers, for reasons that become blindingly apparent the first time you try to use it for something. So, you always wind up with these cross-cloud, cross-infrastructure stories. For any company that had the temerity to be founded before 2010, they probably have an on-premises data center as well—or six or more—and you're starting to try to wind up having a whole bunch of different abstractions viewed through the same lenses in terms of either observability or control plane or governance, or—dare I say it—security. And it feels like there are multiple approaches, all of which have their drawbacks, which of course means, it's complicated. What's your take on it?Jack: So, I think it was two years ago we started to see tools to do signal consumption. They would aggregate those signals and they would try and produce meaningful results that were actionable rather than you having to go and look at all this granular data. And I think that's phenomenal. I think a lot of companies are going to start to do that more and more. One of the other trends people do is they eliminated data and they went machine-learning and anomaly detection. And that didn't work.It missed a lot of things, right, or generated a lot of false positive. I think that one of the next big technologies—and I know it's been done for two years—but I think we're the next things we're going to see is the axonius of the consumption of events, the categorization into alerts-based synthetic data classification policies, and we're going to look at the severity classifications of those, they're going to be actionable in a priority queue, and we're going to eliminate the need for people that don't like their jobs and sit at a SOC all day and analyze a SIEM. I don't ever run a SIEM, but I think that this diversity can be a good thing. So, sometimes it's turned out to be a bad thing, right? We wanted to diversity, we don't want all the data to be homogenous. We don't need data standards because that limits things. But we do want competition. But I would ask you this, Corey, why do you think AWS? We remember 2007, right?Corey: I do. Oh, I've been around at least that long.Jack: Yeah, you remember when S3 came up. Was that 2007?Corey: I want to say 2004, 2005 in beta, and then relaunched as the first general available service. The first beta service was SQS, so there's always some question about which one was first. I don't get in the middle of those fights because all I'm going to do is upset people.Jack: But S3 was awesome. It still is awesome, right?Corey: Oh yes.Jack: And you know what I saw? I worked for a very older company with very strict governance. You know with SOX compliance, which is a joke, but we also had SOC compliance. I did HIPAA compliance for them. Tons of compliance to this.I'm not a compliance off, too, by trade. So, I started seeing [x cards 00:17:54], you know, these company personal cards, and people would go out and [unintelligible 00:17:57] platform because if they worked with my teams internally, if they wanted to get a small app deployed, it was like a two, three-month process. That process was long because of CFO overhead, approvals, vendor data security vetting, racking machines. It wasn't a problem that was inherent to the technology. I actually built a self-service cloud in that company. The problem was governance. It was financial approvals, it was product justification.So, I think AWS is really what made the internet inflect and scale and innovate amazingly. But I think that one of the things that it sacrificed was governance. So, if you tie a lot of what we're saying back together, by using some sort of tool that you can pop into a cloud environment and they can access a hundred percent of the infrastructure and look for risks, what you're doing is you're kind of X-Ray visioning into all these nodes that were deployed rapidly and kept around because they were crown jewels, and you're determining the risks that lie on them. So, let's say that 10 or 15% of your estate is prototype things that grew at a scale and we can't pull back into our governance infrastructure. A lot of times people think that those types of team machines are probably pretty locked down and they're probably low risk.If you throw a company on the side scanner or something like that, you'll see they have 90% of the risk, 80% of the risk. They're unpatched and they're old. So, I remember at one point in my career, right, I'm thinking Amazon's great. I'm—[unintelligible 00:19:20] on Amazon because they've made the internet go, they influxed. I mean, they've scaled us up like crazy.Corey: Oh, the capability store is phenomenal. No argument there.Jack: Yeah. The governance problem, though, you know, the government, there's a lot of hacks because of people using AWS poorly.Corey: And to be clear, that's everyone. We all are. I take a look at some of the horrible technical decisions I made even a couple of years ago, based upon what I know now, it's difficult to back out and wind up doing things the proper way. I wrote an article a while back, “17 Ways to Run Containers on AWS,” and listed all the services. And I think it was a little on the nose, but then I wrote 17, “More Ways to Run Containers on AWS,” but different services. And I'm about three-quarters of the way through the third in the sequel. I just need a couple more releases and we're good to go.Jack: The more and more complexity you add, the more security risk exists. And I've heard horror stories. Dictionary.com lost a lot of business once because a couple of former contractors deleted some instances in AWS. Before that, they had a secret machine they turned into a pixel [unintelligible 00:20:18] and had take down their iPhone app.I've seen some stuff. But one of the interesting things about deploying one of these tools in AWS, they can just, you know, look X-Ray vision on into all your compute, all your storage and say, “You have PIIs stored here, you have personal data stored here, you have this vulnerability, that vulnerability, this machine has already been compromised,” is you can take that to your CEO as a CISO and say, “Look, we were wrong, there's a lot of risk here.” And then what I've done in the past is I've used that to deploy HIDS—XDR, telemetry at scale, whatever you want to call it—these agent-based solutions, I've used that to justification for them. Now, the problem with this solutions that use agentless is almost all of them are just in the cloud. So, just a portion of your infrastructure.So, if your hybrid environment, you have data centers, you're ignoring the data centers. So, it's interesting because I've seen these companies position themselves as competitors when really, they're in complementary spaces, but one of them justified the other for me. So, I mean, what do you think about that awkward competition? Why was this competition exists between these people if they do completely different things?Corey: I'll take it a step further. I'm a big believer that security for the cloud providers should not be a revenue generator in any meaningful sense because at that point, they wind up with an inherent conflict of interest, where when they start charging, especially trying to do value-based pricing as they move up the stack, what they're inherently saying is, great, you can get our version of our services that is less secure, so that they're what they're doing is they're making security on their platform an inherent investment decision. And I've never been a big believer in that approach.Jack: The SSO tax.Corey: Oh, yes. And many others.Jack: Yeah. So, I was one of the first SSO tax contributors. That started it.Corey: You want data plane audit logging? Great, that'll cost you. But they finally gave in a couple of years back and made the first management trail for CloudTrail audit logging free for everyone. And people still advertently built second ones and then wonder why they're paying through the nose. Like, “Oh, that's 40 grand a month. That should be zero.” Great. Send that to your SIEM and then have that pass it out to where it needs to go. But so much of it is just these weird configuration taxes that people aren't fully aware exist.Jack: It's the market, right? The market is—so look at Amazon's IAM. It is amazing, right? It's totally robust, who is using it correctly? I know a lot of people are. I've been the CISO for over 100 companies and IAM is was one of those things that people don't know how to use, and I think the reason is because people aren't paying for it, so AWS can continue to innovate on it.So, we find ourselves with this huge influx of IAM tools in the startup scene. We all know Uptycs does some CIAM and some identity management stuff. But that's a great example of what you're talking about, right? These cloud companies are not making the things inherently secure, but they are giving some optionality. The products don't grow because they're not being consumed.And AWS doesn't tend to advertise them as much as the folks in the security industry. It's been one complaint of mine, right? And I absolutely agree with you. Most of the breaches are coming out of AWS. That's not AWS's fault. AWS's infrastructure isn't getting breached.It's the way that the customers are configuring the infrastructure. That's going to change a lot soon. We're starting to see a lot of change. But the fundamental issue here is that security needs to be invested in for short-term initiatives, not just for long-term initiatives. Customers need to care about security, not compliance. Customers need to see proof of security. A customer should be demanding that they're using a secure company. If you've ever been on the vendor approval side, you'll see it's very hard to push back on an insecure company going through the vendor process.Corey: This episode is sponsored in part by our friends at Uptycs, because they believe that many of you are looking to bolster your security posture with CNAPP and XDR solutions. They offer both cloud and endpoint security in a single UI and data model. Listeners can get Uptycs for up to 1,000 assets through the end of 2023 (that is next year) for $1. But this offer is only available for a limited time on UptycsSecretMenu.com. That's U-P-T-Y-C-S Secret Menu dot com.Corey: Oh, yes. I wound up giving probably about 100 companies now S3 Bucket Negligence Awards for being public about failing to secure their data and put that out into the world. I had one physical bucket made, the S3 Bucket Responsibility Award and presented it to their then director of security over at the Pokémon Company because there was a Wall Street Journal article talking about how their security review—given the fact that they are a gaming company that has children as their primary customer—they take it very seriously. And they cited the reason they're not to do business with one unnamed vendor was in part due to the lackadaisical approach around S3 bucket control. So, that was the one time I've seen in public a reference where, “Yeah, we were going to use a vendor and their security story was terrible, and we decided not to.”It's, why is that news? That should be a much more common story, but these days, it feels like procurement is rubber-stamping it and, like, “Okay, great. Fill out the form.” And, “Okay, you gave some wrong answers on the form. Try it again and tell the story differently until it gets shoved through.” It feels like it's a rubber stamp rather than a meaningful control.Jack: It's not a rubber stamp for me when I worked in it. And I'm a big guy, so they come to me, you know, like—that's how being, like, career law, it's just being big and intimidating. Because that's—I mean security kind of is that way. But, you know, I've got a story for you. This one's a little more bleak.I don't know if there's a company called Ask.fm—and I'll mention them by name—right, because, well, I worked for a company that did, like, a hostile takeover this company. And that's when I started working with [unintelligible 00:25:23]. [unintelligible 00:25:24]. I speak Russian and I learned it for work. I'm not Russian, but I learned the language so that I could do my job.And I was working for a company with a similar name. And we were in board meetings and we were crying, literally shedding tears in the boardroom because this other company was being mistaken for us. And the reason why we were shedding tears is because young women—you know, 11 to 13—were committing suicide because of online bullying. They had no health and safety department, no security department. We were furious.So, the company was hosted in Latvia, and we went over there and we installed one I lived in Latvia for quite a bit, working as the CISO to install a security program along with the health and safety person to install the moderation team. This is what we need to do in the industry, especially when it comes to children, right? Well, regulation solve it? I don't know.But what you're talking about the Pokémon video game, I remember that right? We can't have that kind of data being leaked. These are children. We need to protect them with information security. And in education technology, I'll tell you, it's just not a budget priority.So, the parents need to demand the security, we need to demand these audit certifications, and we need to demand that our audit firms are audited better. Our audit firms need to be explaining to security leaders that the control frameworks are something that they're responsible for creating bespoke. I did a presentation with Al Kingsley recently about security compliance, comparing FERPA and COPPA to the GDPR. And it was very interesting because FERPA has very little teeth, it's very long code and GDPR is relatively brilliant. GDPR made some changes. FERPA was so ambiguous and vague, it made a lot of changes, but they were kind of like, in any direction ever because nobody knows FERPA is. So, I don't know, what's the answer to that? What do we do?Corey: Yeah. The challenge is, you can see a lot of companies in specific areas doing the right thing, when they're intentionally going out on day one to, for example, service kids as a primary user base demographic. The challenge that you see with this is that, that's great, but then you have things that are not starting off with that point of view. And they started running into population limits and realize, okay, we've got to start expanding our user base somewhere, and then they went a bolting on those things is almost as an afterthought, where, “Oh, well, we've been basically misusing people's data for our entire existence, but now—now—we're suddenly magically going to do the right thing where kids are concerned.” I wish, but unfortunate that philosophy assumes a better take of humanity than is readily apparent.Jack: I wonder why they do that though, right? Something's got to, you know, news happened or something and that's why they're doing it. And that's not okay. But I have seen companies, one of the founders of Scantron—do you know what a Scantron is?Corey: Oh, yes. I'm much older than I look.Jack: Yeah, I'm much older than I look, too. I like to think that. But for those that don't know, a scantron, use a number two pencil and you filled in these little dots. And it was for taking tests. So, the guy who started Scantron, created a small two-person company.And AWS did something magnificent. They recognized that it was an education technology company, and they gave them, for free, security consultation services, security implementation services. And when we bought this company—I'm heavily involved in M&A, right—I'm sitting down with the two founders of the company, and my jaw is on the desk. They were more secure than a lot of the companies that I've worked with that had robust security departments. And I said, “How did you do this?”They said, “AWS provided us with this free service because we're education technology.” I teared up. My heart was—you know, that's amazing. So, there are companies that are doing this right, but then again, look at Grammarly. I hate to pick on Grammarly. LanguageTool is an open-source I believe, privacy-centric Grammarly competitor, but Grammarly, invest in your security a little more, man. Y'all were breached. They store a lot of data, they [unintelligible 00:29:10] lot of the data.Corey: Oh, and it scared the living hell out of companies realizing that they had business users using Grammarly as an extension to work on internal documents and just sending proprietary data to some third-party service that they clicked through the terms on and I don't know that it was ever shown the Grammarly was misusing any of that, but the potential for that is massive.Jack: Do you know what they were doing with it?Corey: Well, using AI to learn these things. Yeah, but it's the supervision story always involves humans reading it.Jack: They were building a—and I think—nobody knows the rumor, but I've worked in the industry, right, pretty heavily. They're doing something great for the world. I believe they're building a database of works submitted to do various things with them. One of those things is plagiarism detection. So, in order to do that they got to store, like, all of the data that they're processing.Well, if you have all the data that you've done for your company that's sitting in this Grammarly database and they get hacked—luckily, that's a lot of data. Maybe you'll be overlooked. But I've data breach database sitting here on my desk. Do you know how many rows it's got? [pause]. Yes, breach database.Corey: Oh, I wouldn't even begin to guess. I know the data volumes that Troy Hunt's Have I Been Pwned? Site winds up dealing with and it is… significant.Jack: How many billions of rows do you think it is?Corey: Ah, I'd say 20 as an argument?Jack: 34.Corey: Okay. Yeah, directionally right. Fermi estimation saves us yet again.Jack: [laugh]. The reason I build this breach database is because I thought Covid would slow down and I wanted it to do executive protection. Companies in the education space also suffer from [active 00:30:42] shooters and that sort of thing. So, that's another thing about security, too, is it transcends all these interesting areas, right? Like here, I'm doing executive risk protection by looking at open-source data.Protect the executives, show the executives that security is a concern, these executives that'll realize security's real. Then these past that security down in the list of priorities, and next thing you know, the 50 million active students that are using Turnitin are getting better security. Because an executive realized, “Hey, wait a minute, this is a real thing.” So, there's a lot of ways around this, but I don't know, it's a big space, there's a lot of competition. There's a lot of companies that are coming in and flashing out of the pan.A lot of companies are coming in and building snake oil. How do people know how to determine the right things to use? How do people don't want to implement? How do people understand that when they deploy a program that only applies to their cloud environment it doesn't touch there on-prem where a lot of data might be a risk? And how do we work together? How do we get teams like DevOps, IT, SecOps, to not fight each other for installing an agent for doing this?Now, when I looked at Uptycs, I said, “Well, it does the EDR for corp stuff, it does the host intrusion detection, you know, the agent-based stuff, I think, for the well because it uses a buzzword I don't like to use, osquery. It's got a bunch of cloud security configuration on it, which is pretty commoditized. It does agentless cloud scanning.” And it—really, I spent a lot of my career just struggling to find these tools. I've written some myself.And when I saw Uptycs, I was—I felt stupid. I couldn't believe that I hadn't used this tool, I think maybe they've increased substantially their capabilities, but it was kind of amazing to me that I had spent so much of my time and energy and hadn't found them. Luckily, I decided to joi—actually I didn't decide to join; they kind of decided for me—and they started giving it away for free. But I found that Uptycs needs a, you know, they need a brand refresh. People need to come and take a look and say, “Hey, this isn't the old Uptycs. Take a look.”And maybe I'm wrong, but I'm here as a technology evangelist, and I'll tell you right now, the minute I no longer am evangelists for this technology, the minute I'm no longer passionate about it, I can't do my job. I'm going to go do something else. So, I'm the one guy who will put it to your brass tacks. I want this thing to be the thing I've been passionate about for a long time. I want people to use it.Contact me directly. Tell me what's wrong with it. Tell me I'm wrong. Tell me I'm right. I really just want to wrap my head around this from the industry perspective, and say, “Hey, I think that these guys are willing to make the best thing ever.” And I'm the craziest person in security. Now, Corey, who's the craziest person security?Corey: That is a difficult question with many wrong answers.Jack: No, I'm not talking about McAfee, all right. I'm not that level of crazy. But I'm talking about, I was obsessed with this XDR, CDR, all the acronyms. You know, we call it HIDS, I was obsessed with it for years. I worked for all these companies.I quit doing, you know, a lot of very good entrepreneurial work to come work at this company. So, I really do think that they can fix a lot of this stuff. I've got my fingers crossed, but I'm still staying involved in other things to make these technologies better. And the software's security space is going all over the place. Sometimes it's going bad direction, sometimes it's going to good directions. But I agree with you about Amazon producing tools. I think it's just all market-based. People aren't going to use the complex tools of Amazon when there's all this other flashy stuff being advertised.Corey: It all comes down to marketing budget, and AWS has always struggled with telling a story. I really want to thank you for being so generous with your time. If people want to learn more, where should they go?Jack: Oh, gosh, everywhere. But if you want to learn more about Uptycs, why don't you just email me?Corey: We will, of course, put your email address into the show notes.Jack: Yeah, we'll do it.Corey: Don't offer if you're not serious. There's also uptycssecretmenu.com, which is apparently not much of a secret, given the large banner all over Uptycs' website.Jack: Have you seen this? Let me just tell you about this. This is not a catch. I was blown away by this; it's one of the reasons I joined. For a buck, if you have between 100 and 1000 nodes, right, you get our agentless system and our agent-based system, right?I think it's only on AWS. But that's, like, what, $150, $180,000 value? You get it for a full year. You don't have to sign a contract to renew or anything. Like, you just get it for a buck. If anybody who doesn't go on to the secret menu website and pay $1 and check out this agentless solution that deploys in two minutes, come on, man.I challenge everybody, go on there, do that, and tell me what's wrong with it. Go on there, do that, and give me the feedback. And I promise you I'll do everything in my best efforts to make it the best. I saw the engineering team in this company, they care. Ganesh, the CEO, he is not your average CEO.This guy is in tinkerers. He's on there, hands on keyboard. He responds to me in the middle of night. He's a geek just like me. But we need users to give us feedback. So, you got this dollar menu, you sign up before the 31st, right? You get the product for buck. Deploy the thing in two minutes.Then if you want to do the XDR, this agent-based system, you can deploy that at your leisure across whichever areas you want. Maybe you want a corporate network on laptops and desktops, your production infrastructure, your compute in the cloud, deploy it, take a look at it, tell me what's wrong with it, tell me what's right with it. Let's go in there and look at it together. This is my job. I want this company to work, not because they're Uptycs but because I think that they can do it.And this is my personal passion. So, if people hit me up directly, let's chat. We can build a Slack, Uptycs skunkworks. Let's get this stuff perfect. And we're also going to try and get some advisory boards together, like, maybe a CISO advisory board, and just to get more feedback from folks because I think the Uptycs brand has made a huge shift in a really positive direction.And if you look at the great thing here, they're unifying this whole agentless and agent-based stuff. And a lot of companies are saying that they're competing with that, those two things need to be run together, right? They need to be run together. So, I think the next steps here, check out that dollar menu. It's unbelievable. I can't believe that they're doing it.I think people think it's too good to be true. Y'all got nothing to lose. It's a buck. But if you sign up for it right now, before the December 31st, you can just wait and act on it any month later. So, just if you sign up for it, you're just locked into the pricing. And then you want to hit me up and talk about it. Is it three in the morning? You got me. It's it eight in the morning? You got me.Corey: You're more generous than I am. It's why I work on AWS bills. It's strictly a business-hours problem.Jack: This is not something that they pay me for. This is just part of my personal passion. I have struggled to get this thing built correctly because I truly believe not only is it really cool—and I'm not talking about Uptycs, I mean all the companies that are out there—but I think that this could be the most powerful tool in security that makes the world more secure. Like, in a way that keeps up with the security risks increasing.We just need to get customers, we need to get critics, and if you're somebody who wants to come in and prove me wrong, I need help. I need people to take a look at it for me. So, it's free. And if you're in the San Francisco Bay Area and you give me some good feedback and all that, I'll take you out to dinner, I'll introduce you to startup companies that I think, you know, you might want to advise. I'll help out your career.Corey: So, it truly is dollar menu then.Jack: Well, I'm paying for the dinner out my personal thing.Corey: Exactly. Well, again, you're also paying for the infrastructure required to provide the service, so, you know, one way or another, it's all the best—it's just like Cloud, there is no cloud. It's just someone else's cost center. I like that.Jack: Well, yeah, we're paying for a ton of data hosting. This is a huge loss leader. Uptycs has a lot of money in the bank, I think, so they're able to do this. Uptycs just needs to get a little more bold in their marketing because I think they've spent so much time building an awesome product, it's time that we get people to see it. That's why I did this.My career was going phenomenally. I was traveling the world, traveling the country promoting things, just getting deals left and right and then Elias—my buddy over at Orca; Elias, one of the best marketing guys I've ever met—I've never done marketing before. I love this. It's not just marketing. It's like I get to take feedback from people and make the product better and this is what I've been trying to do.So, you're talking to a crazy person in security. I will go well above and beyond. Sign up for that dollar menu. I'm telling you, it is no commitment, maybe you'll get some spam email or something like that. Email me directly, I'll kill the spam email.You can do it anytime before the end of 2023. But it's only for 2023. So, you got a full year of the services for free. For free, right? And one of them takes two minutes to deploy, so start with that one. Let me know what you think. These guys ideate and they pivot very quickly. I would love to work on this. This is why I came here.So, I haven't had a lot of opportunity to work with the practitioners. I'm there for you. I'll create a Slack, we can all work together. I'll invite you to my Slack if you want to get involved in secondaries investing and startup advisory. I'm a mentor and a leader in this space, so for me to be able to stay active, this is like a quid pro quo with me working for this company.Uptycs is the company that I've chosen now because I think that they're the ones that are doing this. But I'm doing this because I think I found the opportunity to get it done right, and I think it's going to be the one thing in security that when it is perfected, has the biggest impact.Corey: We'll see how it goes out over the coming year, I'm sure. Thank you so much for being so generous with your time. I appreciate it.Jack: I like you. I like you, Corey.Corey: I like me too.Jack: Yeah? All right. Okay. I'm telling [unintelligible 00:39:51] something. You and I are very weird.Corey: It works out.Jack: Yeah.Corey: Jack Charles Roehrig, Technology Evangelist at Uptycs. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an insulting comment that we're going to be able to pull the exact details of where you left it from because your podcast platform of choice clearly just treated security as a box check.Jack: [laugh].Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

While physical stores are now welcoming more consumers, digital shopping habits still continue to be relevant. This will, subsequently, drive conversational commerce, the sale of goods and services via messaging apps.  And it will become an integral communication and sales channel for businesses and consumers, especially as popular year-end retail sales days near.  Lawrence Byrd, Technology Evangelist for Communications APIs, Vonage shares more.  See omnystudio.com/listener for privacy information.

Host Jim Love and Jeff Deverter of Rackspace discuss developments in cloud architecture and cloud security and how companies can take advantage of these.

Businesses are rapidly having to contend with responding to the climate crisis, and the tech industry is set to become one of the biggest contributors to energy drain by the end of the decade. It is clear that sustainable software options are a goal, but many firms are reluctant to adopt lower-carbon systems out of concern for loss of power.Joining us this week is Behrad Babaee, Technology Evangelist at Aerospike, to talk about his proposals for a universal metric with which to measure the carbon output of software, and how it is possible to cut cost, latency and carbon emissions at the same time.

¿Has sido víctima de un fraude en línea? Daniel Carrillo, de Technology Evangelist de Binaria Technologies, nos dice qué hacer para prevenirlos y cómo crear una identidad digital de confianza.

Scott Francis,Technology Evangelist at Fujitsu, discusses best practices for scanning and data capture. Learn how Fujitsu scanners compliment cloud and on-premise capabilities and how next-generation solutions offer companies a fast and cost-effective approach to maximizing their content management and collaboration capabilities. Host, Kevin Craine

Jimmy Augustine, Chief Technology Evangelist at Ingram Micro, is a business builder, supporting highly successful organic growth from the ground up. In this latest episode of Let's Talk About SecurIT, Philip and Jimmy discuss, the top 3 cybersecurity trends, cybersecurity areas to focus on, and finally, they deliberate on the ultimate global solution that could become the future of cybersecurity.

I geeked out with Adelina Simion who is a Technology Evangelist working at Form3, based in London. Adelina has been a Software Engineer since 2014, working at first in Java, then converted to Go in 2018.

Derek Laney is Technology Evangelist for the Future of Work at collaboration platform Slack, having previously held a range of senior roles at Slack's parent company Salesforce.

Sue Black OBE, Professor of Computer Science and Technology Evangelist, Durham Uni joins our very own Donna Herdsman, Managing Director, Diversity, Equity & Inclusion at Talking Talent to discuss the importance and role of technology in Inclusion. Listen to this week's episode to learn more about; Why diversity and inclusion is still such a critical challenge within the IT sector Why securing and maintaining a diverse workforce in tech is such a challenge The lessons we have still to learn in society about accepting people as we find them With AI playing an increasing role in our lives, what we must do to ensure that bias does not prevail and that we create technology that truly benefits all in society. #DEI #TalkingTalent #Technology #Inclusion #Diversity #Equity #Coaching #DiverseWorkforce

This episode is a passionate talk about database technologies between The Head Of Open Source Strategy at Percona, Matt Yonkovit, and the Technology Evangelist at Percona Dave Stokes. Dave joined Percona last February and he is welcome to the podcast as well. Listen about Dave's background, his interaction with open source database communities, his early days, and his choice of MySQL Community. They tackle also the difference between MySQL Community and Postgres Community, the recent change and evolution in the database space with more and more explosive data, before plunging into the future of the technology space, particularly the JSON datatype.

As we begin 2022, the cost, sophistication, and lethality of cyber-breaches continues to rise. Threat actors, especially state-sponsored, and criminal enterprises are taking advantage of the expanding cyber-attack surface by using their resources to employ more sophisticated means for discovering target vulnerabilities, automating phishing, and finding new deceptive paths for infiltrating malware. This presentation will explore some of the more compelling trends and threats in the cybers ecosystem, the impact of emerging technologies, and potential strategies for mitigation. About the speaker: Chuck Brooks is President of Brooks Consulting International, and Adjunct Faculty at Georgetown University, is a Technology Evangelist, Corporate Executive, Speaker, Writer, Government Relations, Business Development, and Marketing Executive. LinkedIn named Chuck as one of "The Top 5 Tech People to Follow on LinkedIn." He was named as one of the world's "10 Best Cyber Security and Technology Experts" by Best Rated, as a "Top 50 Global Influencer in Risk, Compliance," by Thomson Reuters, "Best of The Word in Security" by CISO Platform, and by IFSEC as the "#2 Global Cybersecurity Influencer." He was featured in the 2020 and 2021 Onalytica "Who's Who in Cybersecurity" – as one of the top Influencers for cybersecurity issues and in Risk management. He was also named "Best in The World in Security" by CISO Platform, one of the "Top 5 Executives to Follow on Cybersecurity" by Executive Mosaic, and as a "Top Leader in Cybersecurity and Emerging Technologies" by Thinkers360. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

**This episode of Network Disrupted is with James Stanger, Chief Technology Evangelist at CompTIA. He works with students, newcomers, and existing IT professionals worldwide to help set them up for a long-term career in IT. James will also help other instructors create IT education programs.Today the discussion is around the path and opportunities for those deep subject matter experts who are well-versed in traditional domains. You'll find that James' advice and insights are beneficial to not only those experts, but also to those that lead them as he shares advice on how leaders should begin thinking about learning possibilities and pathways for their teams.Let me know what you thought of today's discussion! You can tweet me at @netwkdisrupted + @awertkin, leave a review on Spotify or Apple Podcasts, or email me at andrew@networkdisrupted.com.

There's a lot of hype and fanfare around Kubernetes, but on today's Day Two Cloud episode we'll cut through the hype with a guest who has enterprise experience with Kubernetes and containers--including the pain and problems. Those pains revolve around complexity, the ignorance of the Kubernetes platform, and the disconnect between the designers of Kubernetes and the people trying to use it now. Our guest is Eric Wright, Technology Evangelist at Turbonomic and host of the DiscoPosse podcast.

There's a lot of hype and fanfare around Kubernetes, but on today's Day Two Cloud episode we'll cut through the hype with a guest who has enterprise experience with Kubernetes and containers--including the pain and problems. Those pains revolve around complexity, the ignorance of the Kubernetes platform, and the disconnect between the designers of Kubernetes and the people trying to use it now. Our guest is Eric Wright, Technology Evangelist at Turbonomic and host of the DiscoPosse podcast.

There's a lot of hype and fanfare around Kubernetes, but on today's Day Two Cloud episode we'll cut through the hype with a guest who has enterprise experience with Kubernetes and containers--including the pain and problems. Those pains revolve around complexity, the ignorance of the Kubernetes platform, and the disconnect between the designers of Kubernetes and the people trying to use it now. Our guest is Eric Wright, Technology Evangelist at Turbonomic and host of the DiscoPosse podcast.

Our guest today is the co-founder and editor of Event Industry News, he is a Technology Evangelist, and he organizes Event Tech Live, Europes only show dedicated to event technology. In today's episode we talk about a number of new technologies from AI translation to Virtual reality and wayfinding. This is a fun episode and we get to geek out on some cool tech. Adam Parry of Event Industry News is our guest today, on the Event Producer Podcast.  

Security tools are essential in helping tackle vulnerabilities in the cloud. Liz Rice, Technology Evangelist at Aqua Security explained the capabilities of security tools, vulnerability reports, and the process of deploying security patches.