WEBVTT

1
00:00:00.360 --> 00:00:02.010
Michael Novinson: Hello, this is Michael Novinson with

2
00:00:02.010 --> 00:00:05.430
Information Security Media Group. I'm joined today by Ramin

3
00:00:05.460 --> 00:00:09.360
Sayar. He is the president and CEO at Sumo Logic. Good

4
00:00:09.360 --> 00:00:10.530
afternoon, Ramin. How are you?

5
00:00:10.890 --> 00:00:12.750
Ramin Sayar: Good. Thanks, Michael.

6
00:00:13.740 --> 00:00:15.990
Michael Novinson: Thank you for making the time. I know you

7
00:00:15.990 --> 00:00:19.380
spend roughly two years since Sumo Logic completed its initial

8
00:00:19.380 --> 00:00:23.160
public offering. And to start off with, I wanted to get a

9
00:00:23.160 --> 00:00:26.100
sense of the biggest advances that you've made in your

10
00:00:26.100 --> 00:00:28.380
security practice since filing for IPO?

11
00:00:28.000 --> 00:00:30.970
Ramin Sayar: Yeah, well, obviously, our heritage started

12
00:00:31.039 --> 00:00:35.252
many years ago in security, so it's not new for us. And given

13
00:00:35.321 --> 00:00:39.535
the background in logging, and compliance and audit, over the

14
00:00:39.604 --> 00:00:42.850
last few years, we've dramatically enhanced our

15
00:00:42.919 --> 00:00:47.202
portfolio with respect to not only the core security analytics

16
00:00:47.271 --> 00:00:51.623
module, but also with respect to compliance and audit, FedRAMP,

17
00:00:51.692 --> 00:00:55.974
and most notably, cloud, SIEM and SOAR. You might ask why. And

18
00:00:56.043 --> 00:01:00.257
the simple reason is that we believe that there's far too few

19
00:01:00.326 --> 00:01:04.263
security practitioners. And we're trying to help them not

20
00:01:04.332 --> 00:01:08.200
only with our analytics and technology, but also connect

21
00:01:08.269 --> 00:01:12.138
them more effectively to developers and the applications

22
00:01:11.110 --> 00:01:23.770
Michael Novinson: Very interesting.
So when it comes to

23
00:01:12.207 --> 00:01:16.489
upstream to remediate and fix issues themselves versus have to

24
00:01:16.558 --> 00:01:18.700
catch a downstream in security.

25
00:01:23.770 --> 00:01:26.590
your security practice, what's been the fastest growing part of

26
00:01:26.590 --> 00:01:28.090
your security business and why?

27
00:01:29.650 --> 00:01:31.750
Ramin Sayar: Well, I think some of that answer depends on the

28
00:01:31.750 --> 00:01:34.570
maturity of the customer. So as we look at our enterprise

29
00:01:34.570 --> 00:01:38.440
customer base versus the mid market, and enterprise base

30
00:01:38.440 --> 00:01:42.340
versus SMB, the answer to that will vary. Obviously, for the

31
00:01:42.340 --> 00:01:47.050
enterprises, it's really about a modern SOC, driving more

32
00:01:47.050 --> 00:01:50.440
automation, and therefore, our cloud SIEM, and now even our

33
00:01:50.440 --> 00:01:54.100
SOAR is very pertinent. If you look at the mid market, they

34
00:01:54.100 --> 00:01:57.100
typically won't have a formalized SOC, they may not may

35
00:01:57.100 --> 00:02:00.760
or may not have a CISO. They have some engineer doing

36
00:02:00.790 --> 00:02:05.620
security, and the security analytics module now, our cloud

37
00:02:05.620 --> 00:02:08.890
security monitoring analytics package is really well geared

38
00:02:08.890 --> 00:02:12.190
towards them to be able to get visibility into the

39
00:02:12.190 --> 00:02:15.040
infrastructure of the applications and users and the

40
00:02:15.130 --> 00:02:19.750
various SaaS application over driving. And the low end, it's

41
00:02:19.750 --> 00:02:22.330
really also about security analytics, but also some

42
00:02:22.330 --> 00:02:25.900
compliance and audit that they may have to report that.
So the

43
00:02:25.900 --> 00:02:29.020
great thing about our portfolio lineup is regardless of your

44
00:02:29.020 --> 00:02:32.710
size, but more importantly your maturity, we have an on ramp for

45
00:02:32.710 --> 00:02:35.800
you to improve effectively your security posture.

46
00:02:37.340 --> 00:02:38.480
Michael Novinson: Why don't you tell us a little bit about how

47
00:02:38.480 --> 00:02:42.020
you got there, historically, when you're focused more, either

48
00:02:42.020 --> 00:02:45.890
on the SMB or the large enterprise, or have you always

49
00:02:45.890 --> 00:02:47.630
played in both?

50
00:02:48.680 --> 00:02:53.120
Ramin Sayar: Well, we've always played in both. You know, the

51
00:02:53.120 --> 00:02:58.370
company Sumo Logic was founded in 2010. And the intention was

52
00:02:58.400 --> 00:03:03.800
to essentially build a SIEM in the cloud for the cloud. But it

53
00:03:03.800 --> 00:03:07.730
took quite a few years for enterprise customer CISOs to

54
00:03:07.730 --> 00:03:11.000
adopt SaaS and cloud. So naturally, we focused more on

55
00:03:11.000 --> 00:03:16.580
developers and mid market and SMB until we saw better traction

56
00:03:16.580 --> 00:03:20.270
with not just cloud-native companies, but also those

57
00:03:20.270 --> 00:03:23.480
enterprise mid-market customers that are migrating to the cloud,

58
00:03:23.840 --> 00:03:25.820
as we much more aggressively now.

59
00:03:28.330 --> 00:03:31.870
Michael Novinson: Interesting. So why don't you give us a sense

60
00:03:32.230 --> 00:03:36.520
in terms of your approach to SIEM and SOC? How do you feel

61
00:03:36.520 --> 00:03:39.850
it's most differentiated versus maybe some of the legacy SIEM

62
00:03:39.850 --> 00:03:42.550
providers who've seen the Splunks and the LogRhythms and

63
00:03:42.550 --> 00:03:45.280
the QRadars, as well as some of the newer entrants into the

64
00:03:45.280 --> 00:03:45.820
market?

65
00:03:46.860 --> 00:03:49.380
Ramin Sayar: Well, we've always been architected for the new,

66
00:03:49.380 --> 00:03:53.670
not the old, meaning that we've provided a foundation of SaaS.

67
00:03:54.840 --> 00:03:59.250
We're the gold standard in cloud log analytics. You know, we

68
00:03:59.250 --> 00:04:04.080
built a lot of machine learning algorithms on top of the data,

69
00:04:04.110 --> 00:04:06.360
all the data that we analyzed, we're not sampling or

70
00:04:06.360 --> 00:04:10.890
aggregating, right? So that we can help essentially not just

71
00:04:11.220 --> 00:04:15.420
reduce the signal to noise, but also improve operator

72
00:04:15.420 --> 00:04:18.630
efficiency. And I say operators because, again, back to the

73
00:04:18.630 --> 00:04:23.820
personas, it may be a security operations manager analyst. It

74
00:04:23.820 --> 00:04:27.150
may be a threat hunter or engineer that collectively have

75
00:04:27.150 --> 00:04:31.380
to work together. And oftentimes, there's also an MSP

76
00:04:31.380 --> 00:04:33.600
- managed service provider - and managed security service

77
00:04:33.600 --> 00:04:37.080
provider involved in that. So your level one, level two, level

78
00:04:37.080 --> 00:04:40.680
three, kind of teams that are focused, sometimes it's

79
00:04:40.680 --> 00:04:43.830
insourced, sometimes it's outsourced or co-sourced. So the

80
00:04:43.830 --> 00:04:48.840
unique delivery that we have with SaaS, the time to value in

81
00:04:48.840 --> 00:04:52.680
terms of the automation analytics, the scalable

82
00:04:52.680 --> 00:04:56.730
architecture is what really distinguishes Sumo from the

83
00:04:56.730 --> 00:04:57.180
rest.

84
00:04:57.000 --> 00:05:01.650
Michael Novinson: I want to talk little bit about your

85
00:05:01.650 --> 00:05:04.590
acquisition history. I know you made two acquisitions in the

86
00:05:04.590 --> 00:05:08.520
first half of 2021, buying DFLabs and then buying Sensu.

87
00:05:08.640 --> 00:05:10.680
What did those acquisitions allow you to do?

88
00:05:12.220 --> 00:05:15.790
Ramin Sayar: Well, historically, we've acquired companies, some

89
00:05:15.790 --> 00:05:18.220
that we've announced, some that we've not announced. And they've

90
00:05:18.220 --> 00:05:22.720
always centered around the team - the people IP first -

91
00:05:22.780 --> 00:05:26.860
secondarily, the product IP that we can bring in and accelerate

92
00:05:26.860 --> 00:05:30.220
an agenda that we're working on or wanting to work on. So as you

93
00:05:30.220 --> 00:05:33.730
look at those two acquisitions, they built on things that we

94
00:05:33.730 --> 00:05:36.100
were doing before, both organically and inorganically.

95
00:05:36.730 --> 00:05:40.690
Let me start with Sensu. Well, for quite some time, we've been

96
00:05:40.690 --> 00:05:45.070
focused on logging, troubleshooting, monitoring, and

97
00:05:45.070 --> 00:05:48.010
building that out, and we made other acquisitions to really

98
00:05:48.010 --> 00:05:51.340
drive towards full stack observability and distributed

99
00:05:51.340 --> 00:05:55.030
tracing, right? Because the modern application performance

100
00:05:55.030 --> 00:05:58.900
management needs today are different than the tooling and

101
00:05:58.900 --> 00:06:02.380
instrumentation of yesterday and some of those vendors. So we

102
00:06:02.380 --> 00:06:06.130
acquired some technology, built some stuff out. And Sensu was a

103
00:06:06.130 --> 00:06:10.570
means for us to accelerate a motion that we wanted to push

104
00:06:10.570 --> 00:06:14.470
harder. And that motion is really towards something called

105
00:06:14.470 --> 00:06:18.940
open telemetry, whereby you're standardizing the way that

106
00:06:18.940 --> 00:06:23.740
you're collecting logs, metrics, traces, metadata, events. And

107
00:06:23.740 --> 00:06:28.390
it's not about paying $5-$12-$15 a host for basic infrastructure

108
00:06:28.390 --> 00:06:32.590
metrics.
It's more about uniform data collection. And now you

109
00:06:32.590 --> 00:06:35.080
have to deliver value on top of that data that you're

110
00:06:35.080 --> 00:06:38.320
collecting, not just charging for the click. And that's where

111
00:06:38.320 --> 00:06:41.200
the antiquated tools of yesterday and some that are

112
00:06:41.200 --> 00:06:46.360
cloud and SaaS today, still charge. So the Sensu acquisition

113
00:06:46.360 --> 00:06:50.470
for us is about developer community. It's about the

114
00:06:50.470 --> 00:06:54.910
standardization of data formats, and the initiative around open

115
00:06:54.910 --> 00:06:58.180
telemetry, and third, accelerating our self-service

116
00:06:58.180 --> 00:07:03.790
and product-led growth or PLG. But again, it was the team

117
00:07:03.820 --> 00:07:06.310
fitting into our strategy that existed, that helps us

118
00:07:06.310 --> 00:07:10.810
accelerate. Similarly, if you look at the DFLabs acquisition,

119
00:07:11.080 --> 00:07:16.930
it was a lot about the team. The team started by running as an

120
00:07:16.930 --> 00:07:22.510
MSP, essentially services for customers, so they know what

121
00:07:22.510 --> 00:07:26.800
customers face. And they productize a lot of experience

122
00:07:26.920 --> 00:07:30.880
into a SOAR product that could sit on top of logging tools or

123
00:07:30.880 --> 00:07:34.690
SIEM tools, and deliver value through automation. And they had

124
00:07:34.720 --> 00:07:37.990
hundreds of run books or however you want to define it.

125
00:07:38.260 --> 00:07:42.340
Basically, actions are codified, based on patterns that they saw

126
00:07:42.520 --> 00:07:46.120
from large global companies and retail, manufacturing, and

127
00:07:46.120 --> 00:07:49.600
insurance and more. And so that intuitive knowledge that they

128
00:07:49.600 --> 00:07:52.720
had as being in a service provider transferred into

129
00:07:52.720 --> 00:07:56.920
product IP, and we want to both to accelerate our journey.
And

130
00:07:56.920 --> 00:08:00.400
so what we've done is cloudify what they've productized,

131
00:08:00.610 --> 00:08:04.480
integrate it to the number one logging platform, and obviously,

132
00:08:04.480 --> 00:08:08.440
our SIEM product to really help both enterprise customers, as

133
00:08:08.440 --> 00:08:12.700
well as MSPs that they served, accelerate their journey to

134
00:08:12.700 --> 00:08:14.680
automation, and analytics.

135
00:08:16.000 --> 00:08:19.180
Michael Novinson: Alright, interesting. Looking forward, do

136
00:08:19.180 --> 00:08:22.570
you anticipate strategic commitment, M&A continuing to be

137
00:08:22.570 --> 00:08:25.630
part of the strategy? Or have you really taken a step back,

138
00:08:25.660 --> 00:08:29.110
given the macroeconomics or given the state of your

139
00:08:29.110 --> 00:08:29.800
platform?

140
00:08:31.180 --> 00:08:34.660
Ramin Sayar: Well, I can't say never. And, you know, I think

141
00:08:34.690 --> 00:08:38.080
what we are seeing in the market today is there hasn't been a

142
00:08:38.080 --> 00:08:42.010
rebalancing yet, in terms of valuations on the private side

143
00:08:42.010 --> 00:08:44.470
of the house where there has been a massive rebalancing on

144
00:08:44.470 --> 00:08:49.060
the public side. So once those do settle, we'll see. I would

145
00:08:49.060 --> 00:08:51.460
argue, though, however, we have the most comprehensive

146
00:08:51.490 --> 00:08:55.660
cloud-native platform for both reliability and security on the

147
00:08:55.660 --> 00:09:00.760
market. And so if we do look, it will be looking to bring in more

148
00:09:00.760 --> 00:09:04.840
talent, accelerate edges of what we're doing, right? And it will

149
00:09:04.840 --> 00:09:11.200
tie into our multi-year product strategy we call horizons.
And

150
00:09:11.200 --> 00:09:15.160
so we've been focused on horizon one, horizon two, horizon three,

151
00:09:15.160 --> 00:09:17.800
and we also have a horizon four effort that we've been working

152
00:09:17.800 --> 00:09:21.550
on. And so as it fits into one of those - great team, great

153
00:09:21.550 --> 00:09:24.490
cultural fit, celebration of those agendas - then we'll

154
00:09:24.490 --> 00:09:25.000
consider it.

155
00:09:26.840 --> 00:09:29.060
Michael Novinson: In terms of those horizons, what do you feel

156
00:09:29.060 --> 00:09:32.150
are some of the biggest advances you've made from horizon one to

157
00:09:32.150 --> 00:09:33.080
horizon four?

158
00:09:35.400 --> 00:09:38.670
Ramin Sayar: I think one of the biggest advances is in our core

159
00:09:38.670 --> 00:09:43.020
platform. If you look at the challenge that we are all facing

160
00:09:43.020 --> 00:09:45.900
in industry as practitioners whether you're a developer, site

161
00:09:45.900 --> 00:09:48.960
reliability engineer, security operations, threat hunter,

162
00:09:49.770 --> 00:09:53.460
budgets are not growing as fast as data. The tsunami of data is

163
00:09:53.460 --> 00:09:57.840
outpacing, accelerating, every tool that's out there, and so

164
00:09:57.840 --> 00:10:01.200
that creates a lot of complexity. That complexity is

165
00:10:01.200 --> 00:10:06.060
further created because of the new architectures. Specifically,

166
00:10:06.060 --> 00:10:09.480
if you look at, we've gone from three tier applications to entry

167
00:10:09.480 --> 00:10:12.750
applications. Now you're running on this opaque cloud

168
00:10:12.750 --> 00:10:15.840
infrastructure that's really ephemeral, so it comes and goes,

169
00:10:15.990 --> 00:10:18.960
and makes it really hard to kind of track troubleshoot and let

170
00:10:18.960 --> 00:10:22.950
alone monitor, right? And then third, to understand the impact

171
00:10:22.950 --> 00:10:26.490
they may have to posture security threats.
So what we've

172
00:10:26.490 --> 00:10:30.450
been doing a lot in that foundation, technology platform

173
00:10:30.600 --> 00:10:33.810
is being able to ingest all types of data - structured,

174
00:10:33.810 --> 00:10:39.120
unstructured, metadata, events - and being able to reason over

175
00:10:39.120 --> 00:10:42.330
that through collection, through our ingest pipeline, through our

176
00:10:42.330 --> 00:10:45.780
persistent stores. So that ultimately, we can drive more

177
00:10:45.780 --> 00:10:49.320
analytics on top of that, and apply it towards horizon two,

178
00:10:49.320 --> 00:10:52.770
which is observability; horizon three, which is security; and

179
00:10:52.770 --> 00:10:57.600
more. So a lot of investment's gone into the technology, which

180
00:10:57.600 --> 00:11:01.200
allows us to innovate not only by features, but also through

181
00:11:01.200 --> 00:11:04.800
packaging and licensing. Our cloud flex licensing model

182
00:11:04.800 --> 00:11:08.430
really helps customers be able to take advantage. Secondly, our

183
00:11:08.430 --> 00:11:12.600
enterprise suite allows them to either, you know, pick one

184
00:11:12.630 --> 00:11:16.470
enterprise suite or pick both observability and security or if

185
00:11:16.470 --> 00:11:19.530
they want, they can start with one and evolve. Again,

186
00:11:19.710 --> 00:11:22.800
flexibility choice for customers. So a lot of

187
00:11:22.800 --> 00:11:25.800
investment's gone into our foundation and technology

188
00:11:25.800 --> 00:11:28.560
platform. Similarly, a lot of investment's gone into our

189
00:11:28.560 --> 00:11:33.840
observability suite. We just announced some new capabilities

190
00:11:33.840 --> 00:11:37.200
today around reliability management, SLI SLO and more

191
00:11:37.200 --> 00:11:40.740
around observability. And also earlier last month, talked a lot

192
00:11:40.740 --> 00:11:44.640
about the security enhancements we've done.
So we're continuing

193
00:11:44.640 --> 00:11:48.660
to invest in features, usability, collection, and so

194
00:11:48.660 --> 00:11:53.610
much more that delivers ultimately, better value for our

195
00:11:53.640 --> 00:11:54.660
technology and our staff.

196
00:11:56.760 --> 00:11:58.320
Michael Novinson: Speaking about the security side of the

197
00:11:58.320 --> 00:12:02.010
business, what are the biggest changes you've seen in terms of

198
00:12:02.010 --> 00:12:04.680
what customers need from a security operations platform?

199
00:12:04.680 --> 00:12:07.380
How have the needs of the customer evolved since the onset

200
00:12:07.380 --> 00:12:08.850
of the COVID-19 pandemic?

201
00:12:10.340 --> 00:12:18.350
Ramin Sayar: I think the pace and the sophistication of the

202
00:12:18.350 --> 00:12:24.110
attacks has only increased every month, every quarter. If you

203
00:12:24.110 --> 00:12:27.770
look back and you look at, you know what used to go on for us

204
00:12:27.770 --> 00:12:30.500
security practitioners with Patch Tuesday, it was a pretty

205
00:12:30.500 --> 00:12:34.490
static environment, right? A lot of data was flowing through, you

206
00:12:34.490 --> 00:12:38.150
know, your DMZ, your firewall, and you're able to oftentimes

207
00:12:39.350 --> 00:12:43.610
detect or prevent that before it made its way in. And the real

208
00:12:43.610 --> 00:12:46.850
risk was a patch that didn't get updated or something that you

209
00:12:46.850 --> 00:12:49.340
know, was done internally. Now, if you look at this

210
00:12:49.340 --> 00:12:53.780
sophisticated phishing email, supply chain attacks, and more,

211
00:12:53.930 --> 00:12:57.320
there's so many bad actors inside and outside. And the

212
00:12:57.350 --> 00:13:00.830
surface of attack is so much broader. It's not confined to

213
00:13:00.830 --> 00:13:03.950
your colo, your data centers. It's your SaaS apps, your cloud

214
00:13:03.950 --> 00:13:06.590
infrastructure, and more.
I think one of the biggest

215
00:13:06.590 --> 00:13:12.290
challenges for a lot of folks is, where do I focus? And how do

216
00:13:12.290 --> 00:13:15.890
I focus because I'm inundated with false alarms all the time.

217
00:13:16.340 --> 00:13:20.540
And so it really drives the need for the technology architecture

218
00:13:20.540 --> 00:13:23.510
leadership that we have, with respect to that foundation

219
00:13:23.510 --> 00:13:27.170
platform, automation, and analytics that sits on top of

220
00:13:27.170 --> 00:13:31.280
it, to be able to collectively as a community, be able to work

221
00:13:31.280 --> 00:13:35.900
on things like, obviously Log4j, or things like the supply chain

222
00:13:35.900 --> 00:13:38.630
attacks, and give visibility and be able to prevent that and

223
00:13:38.630 --> 00:13:41.630
share common best practices, because we as a security

224
00:13:41.630 --> 00:13:44.630
community, need to come together to be able to attack the bad

225
00:13:44.630 --> 00:13:46.100
guys, not individually.

226
00:13:48.350 --> 00:13:50.060
Michael Novinson: In the security operations world, if

227
00:13:50.060 --> 00:13:53.330
you're in a competitive bid scenario, what vendors or who

228
00:13:53.330 --> 00:13:57.440
are you encountering the most often and what tends to be the

229
00:13:57.440 --> 00:14:00.050
reason you win are the things that sets you apart in those

230
00:14:00.050 --> 00:14:01.340
competitive bid scenarios?

231
00:14:02.680 --> 00:14:06.310
Ramin Sayar: Well, I think in the tool chain of security,

232
00:14:06.310 --> 00:14:09.910
there's a modernization happening at every level, you

233
00:14:09.910 --> 00:14:13.720
know. From appliances, to firewall services, right? From

234
00:14:13.750 --> 00:14:19.810
legacy endpoints to new SaaS endpoints, from legacy email to

235
00:14:19.840 --> 00:14:23.170
new email sophisticated tools that use analytics and

236
00:14:23.170 --> 00:14:27.070
crowdsourcing and so much more.
And so it's really around how we

237
00:14:27.070 --> 00:14:31.030
integrate to the new and the old that distinguishes us, let alone

238
00:14:31.030 --> 00:14:34.240
our technology differentiators. Let alone the fact that we've

239
00:14:34.240 --> 00:14:37.510
been doing this ourselves for over 12 years in the cloud, for

240
00:14:37.510 --> 00:14:41.020
the cloud and protecting our customers and ourselves. So what

241
00:14:41.170 --> 00:14:44.350
goes into the product is what we've seen how we've been

242
00:14:44.350 --> 00:14:48.370
managing our service, not just what we integrate with. And so I

243
00:14:48.370 --> 00:14:52.690
think when customers see that, realize that, they're able to

244
00:14:52.810 --> 00:14:56.470
have a confident approach with Sumo of how they can get from

245
00:14:56.470 --> 00:15:00.010
where they are today to where they need to be, whether it's

246
00:15:00.010 --> 00:15:02.620
legacy SIEMs because there's a lot of them that are out there

247
00:15:02.620 --> 00:15:07.960
still, to the modern cloud SIEM, or they may run them in tandem -

248
00:15:08.260 --> 00:15:11.710
leave the old SIEM for the legacy environment and bring in

249
00:15:11.710 --> 00:15:15.160
Sumo to address their new environment. And gradually as

250
00:15:15.160 --> 00:15:18.460
they migrate data, infrastructure, apps, users,

251
00:15:18.580 --> 00:15:22.780
then they're already covered. So we typically win because of

252
00:15:22.780 --> 00:15:26.590
that. Now, the other answer to your question is, it's still

253
00:15:26.590 --> 00:15:30.880
tied up in old legacy SIEMs. That's one set of competitors,

254
00:15:30.880 --> 00:15:35.170
where they're figured out how to essentially shut the lights off

255
00:15:35.200 --> 00:15:38.440
over the time of the contract. And because more likely the

256
00:15:38.440 --> 00:15:42.070
person or teams that implemented that are no longer there.
So the

257
00:15:42.070 --> 00:15:46.180
manual correlation rules and the static rules are not applicable.

258
00:15:46.480 --> 00:15:49.150
So they need someone to help integrate and manage that, let

259
00:15:49.150 --> 00:15:52.900
alone drive the path. So that's where we differentiate in

260
00:15:52.900 --> 00:15:54.670
addition to our technology differentiation.

261
00:15:55.960 --> 00:15:57.670
Michael Novinson: Very interesting. Let me ask you here

262
00:15:57.670 --> 00:16:00.730
finally, when it comes to the CISO community, what do you feel

263
00:16:00.730 --> 00:16:03.760
that CISOs are overlooking most right now and why?

264
00:16:08.070 --> 00:16:15.000
Ramin Sayar: I think there's a whole slew of requirements

265
00:16:15.000 --> 00:16:19.230
coming down on any public company, and or private company

266
00:16:19.230 --> 00:16:23.520
in terms of how you do business. So the SEC rulings that are

267
00:16:23.520 --> 00:16:28.050
coming down in terms of that, the GDPR stuff, the privacy and

268
00:16:28.050 --> 00:16:32.190
sensitivity of data, there's so much coming out at a CISO right

269
00:16:32.190 --> 00:16:36.600
now. She or he has a hard time prioritizing which one of those

270
00:16:36.600 --> 00:16:41.010
to do first. And I think we as a community need to probably come

271
00:16:41.010 --> 00:16:43.530
better together to be able to share some of those best

272
00:16:43.530 --> 00:16:46.980
practices versus try to firefight. And I think a lot of

273
00:16:46.980 --> 00:16:49.920
CISOs are firefighting, because they're stuck with old

274
00:16:49.980 --> 00:16:53.370
antiquated tools, technologies. They are struggling with people

275
00:16:53.370 --> 00:16:56.010
and talent, and the business is moving to the cloud, and they're

276
00:16:56.010 --> 00:17:00.450
trying to keep up.
So the more that we can bring our community

277
00:17:00.450 --> 00:17:03.810
together to share best practices, the easier it will be

278
00:17:03.810 --> 00:17:07.170
for all of them and us to transition effectively. So

279
00:17:07.170 --> 00:17:12.420
that's one. Second is get involved; get involved in

280
00:17:12.420 --> 00:17:17.310
helping shape what we're doing as a community, but also what

281
00:17:17.580 --> 00:17:21.060
other rulings are coming about us because a lot of times those

282
00:17:21.060 --> 00:17:24.120
who make those rulings aren't practitioners and don't know how

283
00:17:24.120 --> 00:17:28.770
to manage security operations teams. So use the community to

284
00:17:28.800 --> 00:17:32.070
influence some of those things that are going on with, you

285
00:17:32.070 --> 00:17:34.710
know, best practices and industry for Fed or for

286
00:17:34.710 --> 00:17:37.860
government or for verticals or the like, versus how they

287
00:17:37.860 --> 00:17:38.910
dictate it to us.

288
00:17:41.010 --> 00:17:42.990
Michael Novinson: Interesting stuff, Ramin. Thank you so much

289
00:17:43.050 --> 00:17:43.680
for the time.

290
00:17:44.700 --> 00:17:47.460
Ramin Sayar: Michael, thank you as well. And appreciate the

291
00:17:47.460 --> 00:17:49.770
opportunity to see you and talk a little bit more about what

292
00:17:49.770 --> 00:17:50.460
Sumo's driving.

293
00:17:51.210 --> 00:17:53.250
Michael Novinson: Absolutely. We've been speaking with Ramin

294
00:17:53.250 --> 00:17:57.450
Sayar. He is president and CEO of Sumo Logic. For Information

295
00:17:57.450 --> 00:18:00.690
Security Media Group, this is Michael Novinson. Have a nice

296
00:18:00.690 --> 00:18:01.050
day.