WEBVTT 1 00:00:00.330 --> 00:00:02.790 Anna Delaney: Hello, welcome to the ISMG Editors' Panel. I'm 2 00:00:02.790 --> 00:00:05.490 Anna Delaney, and this is our weekly conversation between 3 00:00:05.490 --> 00:00:08.460 members of the editorial team around some of the top themes 4 00:00:08.640 --> 00:00:11.790 and stories in the industry right now. This week I'm 5 00:00:11.790 --> 00:00:14.820 delighted to be joined by Tom Field, senior vice president of 6 00:00:14.820 --> 00:00:18.270 editorial; Marianne Kolbasuk McGee, executive editor of 7 00:00:18.270 --> 00:00:21.450 HealthcareInfoSecurity; and Michael Novinson, managing 8 00:00:21.450 --> 00:00:28.740 editor for business. Great to see you all. Om Shanti! Hello! 9 00:00:28.920 --> 00:00:34.830 Where are you today? Tom, it's fantastic, blue Christmas tree. 10 00:00:31.980 --> 00:00:34.775 Tom Field: I'm still home. But my tradition over the past 11 00:00:34.836 --> 00:00:38.605 several years has been to track the Christmas trees as they go 12 00:00:35.380 --> 00:00:53.500 Anna Delaney: I'll have to send you some from the U.K. 13 00:00:38.665 --> 00:00:42.373 up in the airports around the country, around the world even. 14 00:00:42.434 --> 00:00:46.202 And this was from one of my last trips to New York. It was the 15 00:00:46.263 --> 00:00:49.910 first time I had seen airport Christmas trees in some years. 16 00:00:49.971 --> 00:00:50.640 Here we go! 17 00:00:54.860 --> 00:00:56.870 Tom Field: Usually, I would see the first tree in Heathrow, 18 00:00:56.870 --> 00:00:59.480 typically around the time of Halloween or Guy Fawkes Day. 19 00:00:59.810 --> 00:01:04.790 Anna Delaney: Yeah. Michael, you joined my company this week 20 00:01:04.820 --> 00:01:05.330 again. 21 00:01:06.020 --> 00:01:10.430 Michael Novinson: I am. This is an 18-foot talking snowman. 
So 22 00:01:10.430 --> 00:01:12.830 if you've ever felt your life was incomplete without a talking 23 00:01:12.830 --> 00:01:15.920 snowman, might I recommend this gentleman. He is a Potomac 24 00:01:15.920 --> 00:01:19.640 winter wonderland. So his claim to fame is essentially in itself 25 00:01:19.640 --> 00:01:23.240 is like Christmas time village. So the snowman will wait until 26 00:01:23.240 --> 00:01:25.430 people are standing right next to it and taking a photograph 27 00:01:25.430 --> 00:01:28.760 and then the deep voice will be like Merry Christmas, and then 28 00:01:28.760 --> 00:01:31.280 all the people will jump in the air because they don't know - if 29 00:01:31.280 --> 00:01:33.200 it's the first time they didn't have expected it. It was 30 00:01:33.470 --> 00:01:35.900 definitely my daughter's favorite attraction from the 31 00:01:35.900 --> 00:01:39.050 show. She could not stop talking about the talking snowman and 32 00:01:39.050 --> 00:01:42.050 then the snowman who was no longer talking. So, a huge hit 33 00:01:42.050 --> 00:01:42.710 in the house. 34 00:01:43.610 --> 00:01:46.970 Anna Delaney: Definitely, I don't blame her. Marianne, it 35 00:01:46.970 --> 00:01:49.160 doesn't seem like it's winter where you are. 36 00:01:49.250 --> 00:01:53.420 Marianne McGee: No, it's a photo of Savannah, Georgia, actually. 37 00:01:54.290 --> 00:01:58.400 In October, my husband and I were down there. And I just love 38 00:01:58.400 --> 00:02:01.010 the trees. They may have lights now. 39 00:02:02.480 --> 00:02:05.240 Anna Delaney: Yeah, maybe there's a tree theme this week. 40 00:02:07.220 --> 00:02:10.190 Marianne McGee: I thought the trees grew like that. But 41 00:02:10.190 --> 00:02:11.750 actually it's moss, like rose on the tree. 42 00:02:13.520 --> 00:02:15.920 Anna Delaney: Very cool. 
Well, I'm reliving my trip to 43 00:02:15.920 --> 00:02:18.620 Stockholm last week when I stumbled across this tree 44 00:02:18.710 --> 00:02:21.380 adorned with Christmas gnomes. 'Tis the season! 45 00:02:23.210 --> 00:02:25.520 Tom Field: Looks like my old farmhouse up here in Maine, to 46 00:02:25.520 --> 00:02:27.950 be honest with you. I have the same trees but not the same 47 00:02:27.950 --> 00:02:28.400 gnomes. 48 00:02:28.630 --> 00:02:32.770 Anna Delaney: That's spooky. So Tom, it's been a really 49 00:02:32.800 --> 00:02:36.730 interesting year for the CISOs, has it not? Two contrasting yet 50 00:02:36.730 --> 00:02:39.910 important news stories dominated the headlines this year, which 51 00:02:39.910 --> 00:02:44.620 will no doubt, we think continue to impact CISOs in 2023. And I 52 00:02:44.620 --> 00:02:48.130 know you had a chat with our good friend David Pollino. 53 00:02:48.250 --> 00:02:52.480 Recently, former CISO, PNC Bank, of course. And you discussed how 54 00:02:52.480 --> 00:02:55.540 the role of the CISO might evolve next year. 55 00:02:55.000 --> 00:02:59.800 Tom Field: Yeah, and as part of our year ahead conversations, 56 00:02:59.800 --> 00:03:02.200 talking with some of our global advisors and I spoke with David 57 00:03:02.200 --> 00:03:05.650 about the CISO role, about the stories that have had the most 58 00:03:05.650 --> 00:03:08.350 impact this year, you hinted at those. I'm sure you're talking 59 00:03:08.350 --> 00:03:12.250 about Joe Sullivan, and about Mudge, and what we've heard 60 00:03:12.250 --> 00:03:15.460 about security practices at Uber and Twitter and the 61 00:03:15.460 --> 00:03:19.330 repercussions. And David makes the point that usually when 62 00:03:19.330 --> 00:03:23.110 stories such as these come up, the CISO community off walks to 63 00:03:23.110 --> 00:03:26.530 one side of the story. That wasn't the case with these.
And 64 00:03:26.530 --> 00:03:30.100 they weren't the only big influential stories in a year 65 00:03:30.100 --> 00:03:33.460 full of big influential stories. So we talked to about that in 66 00:03:33.460 --> 00:03:37.990 this interview. And I also asked him, how he sees the role 67 00:03:38.140 --> 00:03:43.030 evolving further, as we go into 2023, just some days from now. 68 00:03:43.060 --> 00:03:46.870 So I'd like to share an excerpt of David's response when I asked 69 00:03:46.870 --> 00:03:48.730 him about the evolution of the CISO role. 70 00:03:49.240 --> 00:03:53.890 David Pollino: For many years, CISOs have continued to struggle 71 00:03:53.890 --> 00:03:57.190 to do the best they can with limited resources. I mean, let's 72 00:03:57.190 --> 00:04:01.840 face it, security professionals have to be right all the time 73 00:04:01.840 --> 00:04:04.360 where the criminals only have to be right once to be able to have 74 00:04:04.360 --> 00:04:09.340 a significant incident or breach. The Joe Sullivan, the 75 00:04:09.370 --> 00:04:13.390 Uber as well as the Twitter cases have just highlighted the 76 00:04:13.390 --> 00:04:17.590 fact that, exactly what CISOs are doing. In some cases, not 77 00:04:17.590 --> 00:04:21.910 necessarily adequately funded in the organization, maybe not 78 00:04:22.060 --> 00:04:24.190 well-positioned in the organization, not having the 79 00:04:24.190 --> 00:04:27.160 right level of influence, as well shining the light on some 80 00:04:27.160 --> 00:04:30.040 of the incentives that goes around the business do not 81 00:04:30.040 --> 00:04:35.860 always promote the best behavior for security executives. So I 82 00:04:35.860 --> 00:04:40.660 think what we'll continue to see is the security role - not been 83 00:04:40.660 --> 00:04:44.800 the part of IT - which has been the trend for quite some time, 84 00:04:45.010 --> 00:04:50.890 but also maybe it being a real executive level role. 
Most 85 00:04:50.890 --> 00:04:53.980 companies will have some sort of executive committee, some sort 86 00:04:53.980 --> 00:04:58.330 of senior leadership team with the top ranking executives of 87 00:04:58.330 --> 00:05:03.310 the team or of the company, I think more you'll see that CISO 88 00:05:03.310 --> 00:05:06.940 being promoted to that particular organization. I think 89 00:05:07.630 --> 00:05:11.020 DocuSign is one of the companies that kind of was getting out 90 00:05:11.020 --> 00:05:15.010 there and elevating that role ahead of many other as well as 91 00:05:15.040 --> 00:05:18.580 more regular communication with board members and higher 92 00:05:18.580 --> 00:05:23.170 expectations for board members to be conversate on security 93 00:05:23.170 --> 00:05:23.830 issues. 94 00:05:24.760 --> 00:05:27.010 Tom Field: There you go. Can I tell you, Anna, this is 95 00:05:27.010 --> 00:05:30.070 reminiscent and Marianne I bet you remember this as well. You 96 00:05:30.070 --> 00:05:32.380 go back a few years, and we'll say how many; but you go back a 97 00:05:32.380 --> 00:05:36.340 few years, and we're having these exact same conversations 98 00:05:37.000 --> 00:05:40.510 about the CIO, and how the CIO had to get out of the basement 99 00:05:40.510 --> 00:05:44.740 so to speak, and leave MIS behind and have a legitimate 100 00:05:44.740 --> 00:05:49.630 seat at the senior executives table. What goes around comes 101 00:05:49.630 --> 00:05:51.490 around, we're having those conversations about the CISO 102 00:05:51.490 --> 00:05:51.760 now. 103 00:05:53.920 --> 00:05:56.560 Anna Delaney: Do you know that the Joe Sullivan case has come 104 00:05:56.560 --> 00:06:00.460 up in virtually every roundtable that I've moderated in the U.K. 105 00:06:00.460 --> 00:06:04.990 since the verdict? It's generally such a heated 106 00:06:04.990 --> 00:06:07.540 discussion. Is that the same in the U.S., Tom? 
107 00:06:07.900 --> 00:06:11.950 Tom Field: It is, and it reminds me of almost 10 years ago, after 108 00:06:11.950 --> 00:06:16.330 the Target breach, anywhere you went in the world, whether there 109 00:06:16.330 --> 00:06:20.260 was a Target store there or not, you would have the conversation 110 00:06:20.260 --> 00:06:24.100 about Target. And that's because that was the first time a 111 00:06:24.100 --> 00:06:27.550 business executive was held accountable for a breach. 112 00:06:27.820 --> 00:06:31.300 Comparable here. The first time we've seen a CISO held 113 00:06:31.330 --> 00:06:35.770 accountable for actions taken or not taken during a breach and 114 00:06:35.770 --> 00:06:39.160 this has repercussions. This is something that people ask what 115 00:06:39.160 --> 00:06:43.180 you're thinking about and wondering if when things go bad, 116 00:06:43.540 --> 00:06:45.850 whether their company truly has their backs. 117 00:06:46.390 --> 00:06:50.440 Anna Delaney: Let's see what 2023 brings. Well, thank you, 118 00:06:50.440 --> 00:06:51.130 Tom. 119 00:06:51.190 --> 00:06:53.080 Tom Field: You will have many opportunities to have these 120 00:06:53.080 --> 00:06:55.090 conversations. Things you can't even imagine now. 121 00:06:55.120 --> 00:07:00.370 Anna Delaney: Yeah, for sure. Marianne, what is the latest 122 00:07:00.370 --> 00:07:02.320 when it comes to hospital ransomware attacks? 123 00:07:03.280 --> 00:07:07.540 Marianne McGee: I was at the HIMSS Cyber Forum in Boston this 124 00:07:07.540 --> 00:07:11.230 week. And there's a variety of different themes that kind of 125 00:07:11.230 --> 00:07:16.330 popped up as I was speaking with a variety of various healthcare 126 00:07:16.330 --> 00:07:18.880 security leaders from across the country, but then also listening 127 00:07:18.880 --> 00:07:22.510 in on some of these sessions. 
When it comes to the hospitals 128 00:07:22.510 --> 00:07:27.400 and ransomware attacks, some of the conversations sort of focus 129 00:07:27.400 --> 00:07:31.240 on not only the lack of preparedness that many 130 00:07:31.240 --> 00:07:36.760 organizations still have to deal with ransomware attacks, they do 131 00:07:36.760 --> 00:07:41.800 prepare for some outages that might occur, whether it's like 132 00:07:41.800 --> 00:07:44.860 an update of software, or maybe some kind of glitch, but then 133 00:07:44.860 --> 00:07:49.660 the systems are up again, in a few hours, or maybe a day or so, 134 00:07:49.690 --> 00:07:52.300 you know, and people can kind of transition back and forth. But 135 00:07:52.690 --> 00:07:55.960 the problem still, for many entities when they actually 136 00:07:55.960 --> 00:08:01.270 experience a ransomware issue, where systems could be down for 137 00:08:01.270 --> 00:08:04.540 weeks, or maybe even months, you know, when it comes to 138 00:08:04.780 --> 00:08:08.830 electronic health records and e-prescriptions and patient 139 00:08:08.830 --> 00:08:13.750 portals, so on and so forth, is that they're not prepared for 140 00:08:13.750 --> 00:08:18.880 these long outages. 
Their patients certainly aren't 141 00:08:18.910 --> 00:08:22.300 prepared to be disrupted in terms of maybe having 142 00:08:22.450 --> 00:08:25.780 appointments scheduled, rescheduled or postponed or 143 00:08:25.780 --> 00:08:30.760 cancelled, but the area hospitals are not prepared, and 144 00:08:30.790 --> 00:08:36.850 that the hospitals really should be taking a sort of a broader 145 00:08:36.850 --> 00:08:40.420 approach to incident response to not only become more 146 00:08:40.570 --> 00:08:43.690 comprehensive and well-rehearsed, if something 147 00:08:43.690 --> 00:08:47.140 happens to their organization, ransomware attack directly 148 00:08:47.200 --> 00:08:52.330 hitting them, but what happens if a hospital in the region has 149 00:08:52.420 --> 00:08:56.320 an incident and we've seen lots of that. The area hospitals 150 00:08:56.320 --> 00:09:01.600 often wind up unexpectedly accepting diverted patients from 151 00:09:01.630 --> 00:09:05.410 ambulances, they might get transferred out of a facility if 152 00:09:05.860 --> 00:09:09.550 they're needing to receive some sort of care to all of a sudden 153 00:09:09.550 --> 00:09:12.520 this other hospital because they're hit, and they don't have 154 00:09:12.520 --> 00:09:18.460 access to EHRs can provide. But just transferring these patients 155 00:09:18.460 --> 00:09:24.640 over creates a new bowl of problems for these regional 156 00:09:24.820 --> 00:09:28.930 hospitals. And I was speaking with Christian Dameff, who is an 157 00:09:28.930 --> 00:09:33.400 emergency physician at a clinical informatics at the 158 00:09:33.400 --> 00:09:37.630 University of California, San Diego. And he's studied the 159 00:09:37.630 --> 00:09:41.500 impact of the ransomware attack last year on Scripps Health in 160 00:09:41.500 --> 00:09:46.750 San Diego. 
And he was saying that hospitals if they do have 161 00:09:46.750 --> 00:09:49.450 an incident response plan, great, make sure they're 162 00:09:49.450 --> 00:09:53.860 updated, but you have to expand into this whole idea of regional 163 00:09:53.860 --> 00:09:58.150 thinking. And he says that it's not uncommon. All hospitals have 164 00:09:58.150 --> 00:10:01.480 to have some sort of plan for like mass casualties, an 165 00:10:01.480 --> 00:10:04.690 unexpected surge in patients because if there was some sort 166 00:10:04.690 --> 00:10:09.640 of physical crisis or catastrophe or accident, or God 167 00:10:09.640 --> 00:10:14.980 forbid something else, but when a neighboring hospital has a 168 00:10:14.980 --> 00:10:18.250 ransomware attack, and you're seeing the surge of patients, 169 00:10:18.430 --> 00:10:22.540 suddenly, you might not be able to access any of that patient's 170 00:10:22.690 --> 00:10:27.100 recent or prior history in terms of their medical records, 171 00:10:27.100 --> 00:10:29.800 because that other hospital has been cut off, they're not able 172 00:10:29.800 --> 00:10:33.430 to share, and then in the bigger picture, there could be a 173 00:10:33.430 --> 00:10:38.770 situation where cloud-based service providers in the area 174 00:10:40.030 --> 00:10:44.800 are unable to provide imaging data, they might be unable to 175 00:10:44.800 --> 00:10:49.480 calculate these complex calculations for cancer 176 00:10:49.480 --> 00:10:55.960 treatments, radiation treatment, chemo, other things like that. 177 00:10:55.960 --> 00:10:58.750 So, you're not only getting a surge in patients, but you're 178 00:10:58.750 --> 00:11:03.220 going to be cut off from getting their information. And it's 179 00:11:03.220 --> 00:11:07.630 really pertinent looking ahead for these hospitals to be 180 00:11:07.630 --> 00:11:12.460 thinking more broadly, in their incident response plans. Again, 181 00:11:13.690 --> 00:11:19.990 Dr. 
Dameff's thinking is that it's a mistake to just think of 182 00:11:20.320 --> 00:11:24.490 ransomware response, like a mass casualty sort of incident, 183 00:11:24.490 --> 00:11:27.070 because it's beyond that. There's many more nuances that 184 00:11:27.070 --> 00:11:30.850 really need to be recognized. So I thought that was interesting, 185 00:11:30.850 --> 00:11:33.100 because, again, we're seeing so many of these incidents, and 186 00:11:33.100 --> 00:11:36.700 then you do hear about the impact that it has on a region. 187 00:11:37.870 --> 00:11:39.640 Anna Delaney: While tough times, but as you say, regional 188 00:11:39.640 --> 00:11:42.970 thinking sounds positive. So hopefully, there'll be some 189 00:11:42.970 --> 00:11:46.660 improvements there. Moving on, I think you're going to be sharing 190 00:11:46.690 --> 00:11:49.570 a roundup of recent earnings calls and what vendors are 191 00:11:49.570 --> 00:11:52.390 seeing when it comes to customer buying behavior. Tell us more. 192 00:11:52.960 --> 00:11:54.910 Michael Novinson: Of course, and thank you for having me, Anna. 193 00:11:55.090 --> 00:11:57.610 So we've heard over the past week and a half, we've heard 194 00:11:57.610 --> 00:12:01.030 from the largest vendors outside of the network firewall space 195 00:12:01.030 --> 00:12:04.180 we've had, we've heard from the CEOs of CrowdStrike, Okta, 196 00:12:04.180 --> 00:12:06.910 Zscaler. And then most recently, SentinelOne about what they've 197 00:12:06.910 --> 00:12:11.110 seen over the past quarter. And one topic was on the mind of the 198 00:12:11.110 --> 00:12:14.170 entire investment community and that is the impact of the 199 00:12:14.170 --> 00:12:17.710 economic slowdown on these large, important security 200 00:12:17.710 --> 00:12:21.370 companies. Certainly some similar themes across all four 201 00:12:21.370 --> 00:12:25.060 of those, some nuances and some areas of difference as well.
So 202 00:12:25.060 --> 00:12:27.700 one thing that we are hearing consistently was in the small 203 00:12:27.700 --> 00:12:32.170 and mid-sized business space, that there seemed to be a pause 204 00:12:32.170 --> 00:12:36.340 on spending, that they're more cost conscious that security 205 00:12:36.340 --> 00:12:38.410 would make up a larger percentage of their budget. And 206 00:12:38.410 --> 00:12:42.370 companies were either delaying purchases or in some cases 207 00:12:42.370 --> 00:12:45.520 particularly often send the one highlighted, some scaling back 208 00:12:45.520 --> 00:12:47.320 of purchase. It's not, of course, that they're not going 209 00:12:47.320 --> 00:12:50.530 to have a firewall or they've not had the antivirus software, 210 00:12:50.530 --> 00:12:54.430 but maybe some of the additional modules. I know, Tomer 211 00:12:54.430 --> 00:12:58.840 Weingarten of SentinelOne had brought up things like remote 212 00:12:58.840 --> 00:13:01.570 script execution or endpoint firewall controls or endpoint 213 00:13:01.570 --> 00:13:04.360 management, and some of the modules for that where buying 214 00:13:04.360 --> 00:13:06.460 activity slowed down a little bit. People are still getting 215 00:13:06.460 --> 00:13:09.490 their endpoint protection to EDR, maybe they don't do these 216 00:13:09.640 --> 00:13:13.090 add-on modules. The impact seems to be less at the large 217 00:13:13.090 --> 00:13:17.320 enterprise area. That's largely in part or that's in part 218 00:13:17.320 --> 00:13:19.450 because security is going to make up a smaller percentage of 219 00:13:19.450 --> 00:13:22.600 the overall budget for larger companies, as well as the fact 220 00:13:22.600 --> 00:13:26.050 that more of the spending is driven by regulatory or 221 00:13:26.050 --> 00:13:28.930 compliance requirements. So there's less flexibility there. 
222 00:13:29.290 --> 00:13:34.180 So what we've seen at the large enterprise is, some companies 223 00:13:34.180 --> 00:13:37.060 are choosing to focus more there. SentinelOne was talking 224 00:13:37.060 --> 00:13:40.450 about that when they look at their pipeline of prospects, 225 00:13:40.510 --> 00:13:43.630 they're really trying to put focus on the Fortune 500 and the 226 00:13:43.630 --> 00:13:45.790 Global 2000, which is a little different than them 227 00:13:45.790 --> 00:13:48.940 historically. They really have made a name for themselves in 228 00:13:48.940 --> 00:13:51.940 that mid market, and even into that SMB space with CrowdStrike, 229 00:13:51.940 --> 00:13:54.670 further up market, they really want to focus on. The large 230 00:13:54.670 --> 00:13:56.530 enterprise to feel the spending, there's going to be more 231 00:13:56.530 --> 00:14:03.220 predictable right now. Then also that there is a push from all of 232 00:14:03.220 --> 00:14:05.170 these companies, what all these companies do is they're 233 00:14:05.170 --> 00:14:07.900 constantly rolling out new modules, and new capabilities 234 00:14:08.530 --> 00:14:12.340 that they're trying to get larger deals with more modules 235 00:14:12.340 --> 00:14:15.520 on there. I know Zscaler talked about this. That's something 236 00:14:15.520 --> 00:14:18.520 that's very important to investors. It's a metric called 237 00:14:18.520 --> 00:14:21.220 net retention rate, which essentially, they want to see 238 00:14:21.220 --> 00:14:24.310 the number, investors want to see north of 120%. So 239 00:14:24.310 --> 00:14:27.730 essentially means that if an existing customer spent $100 240 00:14:27.730 --> 00:14:31.990 with you in 2022, then they're going to spend 120 in 2023, 241 00:14:31.990 --> 00:14:35.500 which is either adding on more users or in a environment like 242 00:14:35.530 --> 00:14:37.600 the current where people aren't hiring as much. 
It's really 243 00:14:37.600 --> 00:14:41.080 about upselling to existing customers, that's easier than 244 00:14:41.080 --> 00:14:45.490 landing on that new customer. So our companies are focusing more 245 00:14:45.520 --> 00:14:50.710 on that large enterprise space and trying to find ways to 246 00:14:50.770 --> 00:14:54.160 minimize the impact but big picture, I mean, everybody made 247 00:14:54.160 --> 00:14:58.330 it clear. Except maybe for Twitter under Elon Musk, people 248 00:14:58.330 --> 00:15:01.930 aren't walking away from security. There's a need for 249 00:15:02.020 --> 00:15:04.210 security technology. And it's really a question on the 250 00:15:04.210 --> 00:15:08.020 margins. Do we buy this ancillary capability now? Or do 251 00:15:08.020 --> 00:15:10.870 we wait six months or 12 months? Do we buy additional seats now? 252 00:15:10.870 --> 00:15:13.600 Or do we wait until we actually hire people to fill those seats? 253 00:15:14.050 --> 00:15:17.020 And that's where we're seeing most of the activity. 254 00:15:17.890 --> 00:15:20.740 Anna Delaney: Really interesting trends, Michael, and I'm just 255 00:15:20.740 --> 00:15:23.320 curious to very briefly pick up on something you mentioned 256 00:15:23.320 --> 00:15:27.490 yesterday. When you were asked to define 2022, you said it is 257 00:15:27.490 --> 00:15:31.300 the year of profitability. Just tell us your reasoning or talk 258 00:15:31.300 --> 00:15:32.320 to us about your reasoning there. 259 00:15:32.950 --> 00:15:36.520 Michael Novinson: Of course. 
So these companies - all four of 260 00:15:36.520 --> 00:15:39.130 them - have historically lost money hand over fist and 261 00:15:39.130 --> 00:15:42.640 investors are okay with that, because they were growing 50-70, 262 00:15:42.640 --> 00:15:45.610 in the case of SentinelOne over 100% year-over-year, and the 263 00:15:45.610 --> 00:15:47.890 feeling was eventually they'll grow the way to profitability 264 00:15:47.890 --> 00:15:51.910 the same way that Amazon did. But this year, the investor 265 00:15:51.910 --> 00:15:54.340 community is different. And I've heard more discussions over 266 00:15:54.340 --> 00:15:57.430 these past 12 months than I've heard it over the past few years 267 00:15:57.430 --> 00:16:00.370 combined, in my experience covering technology about path 268 00:16:00.370 --> 00:16:05.320 to profitability, controlling costs, managing headcount 269 00:16:05.320 --> 00:16:10.000 growth, operating margins, and non-GAAP profitability, GAAP 270 00:16:10.000 --> 00:16:13.510 profitability, and really trying to find a way if none of these 271 00:16:13.510 --> 00:16:16.630 companies are making money on a GAAP basis right now, making it 272 00:16:16.630 --> 00:16:18.640 clear to investors even SentinelOne who's lost the most 273 00:16:18.640 --> 00:16:22.930 money, they're saying that they expect to reach GAAP 274 00:16:22.930 --> 00:16:27.340 profitability in 2024, which is a pretty steep shift for them. 275 00:16:27.550 --> 00:16:30.790 So I think all these companies realize that investors will not 276 00:16:31.570 --> 00:16:34.480 sustain losses indefinitely, and they've had to make some pretty 277 00:16:34.870 --> 00:16:38.290 drastic shifts to their plans to accommodate the investor 278 00:16:38.290 --> 00:16:38.800 community. 279 00:16:40.120 --> 00:16:41.980 Anna Delaney: Appreciate these insights, as ever, Michael, 280 00:16:41.980 --> 00:16:46.870 thank you. 
And finally, as the festive season is upon us, I'm 281 00:16:46.870 --> 00:16:49.960 going to use Charles Dickens' A Christmas Carol, as an 282 00:16:49.960 --> 00:16:52.660 inspiration of this next question. If you recall from the 283 00:16:52.660 --> 00:16:55.810 story, Scrooge is visited by the ghosts of Christmas past, 284 00:16:56.110 --> 00:16:59.140 present and future. So this week, I want to know who would 285 00:16:59.140 --> 00:17:03.670 be your ghost of cybersecurity past. What historical figure has 286 00:17:03.670 --> 00:17:06.460 influenced or shaped the industry, in your opinion? 287 00:17:07.600 --> 00:17:10.930 Tom Field: I'm going to go with Steve Katz, who was the world's 288 00:17:10.930 --> 00:17:15.070 first CISO. He was appointed CISO at Citi back in 1995, I 289 00:17:15.070 --> 00:17:18.340 think and there is still generations of security leaders 290 00:17:18.580 --> 00:17:22.090 in power now that learned from him, learned with him, I think 291 00:17:22.090 --> 00:17:26.560 the impact he had on security, and still has on the industry is 292 00:17:26.560 --> 00:17:29.830 tremendous. If I'm going to be visited by one ghost at the 293 00:17:29.830 --> 00:17:33.310 start of the evening, I think Steve Katz would be a good race 294 00:17:33.310 --> 00:17:34.090 to have in the room. 295 00:17:35.260 --> 00:17:37.450 Anna Delaney: Good choice. Michael? 296 00:17:39.370 --> 00:17:41.530 Michael Novinson: So I'm going to take my inspiration from the 297 00:17:41.530 --> 00:17:44.170 business community. To be clear, these people are very much 298 00:17:44.170 --> 00:17:47.410 alive, but they are former CEOs - two notable ones - John 299 00:17:47.410 --> 00:17:51.610 Thompson, former CEO of Symantec in the 2000s. And then David 300 00:17:51.610 --> 00:17:54.580 DeWalt from McAfee and FireEye for a number of years from the 301 00:17:55.000 --> 00:17:58.510 mid-2000s to the mid-2010s. 
They saw the need for consolidation 302 00:17:58.510 --> 00:18:00.400 in this industry, they tried to make moves to do that 303 00:18:00.400 --> 00:18:03.400 financially combined with Veritas under Thompson. And then 304 00:18:03.400 --> 00:18:06.460 with DeWalt, he sold McAfee to Intel to try to put security on 305 00:18:06.460 --> 00:18:09.940 the chip, tried to combine FireEye and Mandiant in order to 306 00:18:09.940 --> 00:18:12.550 bring the product side together with the services and the IRM 307 00:18:12.580 --> 00:18:15.610 consulting. None of these actually worked, all of these 308 00:18:15.700 --> 00:18:18.940 acquisitions actually gotten done. And I think it speaks to 309 00:18:18.940 --> 00:18:21.400 the challenge and trying to consolidate that innovation 310 00:18:21.400 --> 00:18:24.790 tends to happen in smaller, more focused companies. And even 311 00:18:24.790 --> 00:18:26.620 though customers have been saying forever, they want to buy 312 00:18:26.620 --> 00:18:30.220 from less vendors. It's hard to have a broad platform that's 313 00:18:30.220 --> 00:18:33.850 also cutting edge on innovation challenge, the current trap of 314 00:18:33.850 --> 00:18:35.320 CEOs are trying to tackle today. 315 00:18:36.530 --> 00:18:39.200 Anna Delaney: Like it. Thank you, Michael, and Marianne? 316 00:18:39.990 --> 00:18:43.440 Marianne McGee: I am going to say Barnaby Jack, the late 317 00:18:43.440 --> 00:18:48.330 Barnaby Jack, who is or was an ethical hacker, and people kind 318 00:18:48.330 --> 00:18:53.340 of along those lines that are still alive and well and hacking 319 00:18:53.340 --> 00:18:58.050 things. I think it's important. He did some innovative work 320 00:18:58.350 --> 00:19:02.250 early on in terms of hacking ATM machines, and some medical 321 00:19:02.250 --> 00:19:05.910 devices. And I know, ethical hackers are kind of 322 00:19:05.910 --> 00:19:08.910 controversial, but I think they kind of keep companies honest.
323 00:19:09.390 --> 00:19:13.770 Hopefully they'll find problems before the bad guy does. And I 324 00:19:13.770 --> 00:19:15.600 think there's a lot to be said for that. 325 00:19:16.350 --> 00:19:18.180 Tom Field: If your Christmas tree lights go out this year, 326 00:19:18.390 --> 00:19:18.960 it's Barnaby. 327 00:19:21.270 --> 00:19:23.370 Anna Delaney: I'm going to really go back in time to Ada 328 00:19:23.370 --> 00:19:26.700 Lovelace, the daughter of Lord Byron, who wrote the first 329 00:19:26.700 --> 00:19:31.620 computer program in the world. So essentially, before, even the 330 00:19:31.620 --> 00:19:37.920 first computer was designed, maybe the industry wouldn't have 331 00:19:37.920 --> 00:19:41.220 even existed without her. Let's say that. Stay tuned for the 332 00:19:41.220 --> 00:19:48.150 ghost of cybersecurity present next week. Tom, Marianne, 333 00:19:48.150 --> 00:19:50.370 Michael, this has been such a pleasure. Thank you so much. 334 00:19:50.580 --> 00:19:51.570 Tom Field: Thank you. Have a good week. 335 00:19:51.570 --> 00:19:51.990 Michael Novinson: Thank you. 336 00:19:52.950 --> 00:19:55.020 Anna Delaney: And thanks so much for watching. Until next time.