Cloudflare Innovator Program Fireside Chat
Presented by: Alaina Kretchmer, Eric Pierce, Kim Macko
Originally aired on March 23, 2022 @ 5:30 PM - 6:00 PM EDT
We are very excited to announce the launch of the Cloudflare Innovator Program! The Innovator Program provides a platform for our customer advocates to share and amplify their achievements, inspire others and network with their peers.
To celebrate the launch, please join us for our very first Innovator Spotlight, where we'll discuss Innovation with Eric Pierce, Director, Cyber-Security at Mindbody , and how it plays a role in his life - both inside and outside of work.
You can find more information on the Cloudflare Innovator Program on our website https://www.cloudflare.com/innovator-program/
English
Transcript (Beta)
Hi everyone and welcome back to Innovator Spotlight on Cloudflare TV. I am Alaina Kretchmer and I'm on the Customer Advocacy Team over here at Cloudflare.
If you missed our earlier segment, we are here today announcing the official launch of the Cloudflare Innovator Program, which provides a platform for our customer advocates, aka our Cloudflare innovators, to share and amplify their achievements, inspire others, and network with their peers.
Today I am joined by Kim Macko, also from Cloudflare, also from the Cloudflare side, and then we have with us Cloudflare innovator, Eric Pierce, but we call him Pierce.
So Kim, I'll go ahead and pass it over to you to first introduce yourself. Thanks Alaina.
Hi, everyone. My name is Kim Macko, I'm the account executive here at Cloudflare.
I am based in Los Angeles and supporting our customers in the Southern California territory, including Mindbody.
So I'll pass over to Pierce to introduce yourself.
Pierce.
Hi.
Yeah, I'm Eric Pierce or Pierce. I'm the director of cybersecurity here at Mindbody.
I've been...
and I report out from the central coast, beautiful central coast of California. And I've been with Mindbody about eight or nine years now.
Can you tell us a little bit about what Mindbody does or is?
Sure, yeah.
So we have a mission statement, right, which is helping people lead happier, healthier lives by connecting the world to wellness.
So we're basically, our direct customers are people who own yoga studios and hair salons and gyms and things that are involved with wellness and beauty, where those are our direct customers who pay us the subscription, and then we have their customers, which we call consumers.
And so we're putting those consumers in touch with our customers.
We're helping our customers run their businesses, whether it's a wellness, beauty, whatever.
We're putting those people in touch with one another and helping improve everyone's life.
I think Kim and I can both say that we are customers of Mindbody.
Absolutely.
Definitely. I love the Mindbody app and it's so easy to use and, you know, last-minute yoga classes or, you know, a hair appointment.
I easily book it on Mindbody. So big fan.
That's great.
I love hearing that from the consumers out there that people are seeing real value and it's improving their lives and that kind of thing.
It makes working at a company like this even better, right?
You know, there's the tech and loving cybersecurity and that kind of stuff.
But also believing in the mission and in the brand and what the company is doing is also a great way to like go attack work and enjoy your day.
Yeah.
And I think we can say the same at Cloudflare, right? Like, we all super believe in the mission of helping to build a better internet and so, it gets us up every day, helps us want to do a better job.
So we totally are on the same page there.
So, Pierce, our first question is, as you know, a huge part of what makes Cloudflare Cloudflare is this deep dedication to innovation.
And our customers are a big part of why we continually strive to always be innovating.
And it sounds like Mindbody is of that same mindset, for lack of a better word.
You guys were recently named one of the top ten most innovative companies in wellness.
So hoping you can talk a little bit about how Mindbody achieved this and how the importance of always thinking outside of the box is important to the success of Mindbody.
Sure.
I mean, there's a lot of ingredients in that soup, right? There's...you want to attract and retain the right talent, so you've got to have a product and a mission that people believe in, as we were just talking about.
There's having the right culture where people are allowed to try things and fail from time to time and that kind of thing.
Having diversity, diversity of opinions, diversity of people.
So you get more than one perspective in the room.
And I think also, too, there's this element of boldness, you know, at Mindbody.
I think that's one of those core beliefs is that you have to kind of be bold and you have to try new things.
And, you know, as a matter of fact, our annual conference is called Bold.
That's sort of how core of value that is, in a way.
And I think that's a thing that we share with a lot of our customers too.
Our customers are doing bold things.
So when you go and you get that business loan to open up that hair salon you always wanted to open up or that yoga studio or whatever, it takes a bold kind of person to go put everything on the line and risk all your finance and everything to go make that dream happen and go try and open that business that hopefully improves people's lives.
Probably you're opening that yoga studio because you feel like you can help people and you're very passionate about that kind of thing.
And so I think having that boldness of spirit and mindset helps you innovate as well.
And I think that's sort of how we achieve that a Mindbody. I love that.
So staying on the theme of security with current events and the always changing landscape of cybersecurity, you know, they must keep you on your toes.
And some say that cybersecurity is a moving target and you will always have to be ahead of the game.
Can you share with us about any trends that you're seeing in the security industry and how you're adapting to them?
Yeah, sure.
You know, because I've been doing this probably since about 2007. And so I've seen some things come and go.
And I feel like, you know, back when I really first started this and before that even when I was a sysadmin, it was a lot of hyper specialization.
You know, you would go to Palo Alto to buy the very best firewalls and the firewall would have all the bells and whistles and it would do everything a firewall ought to do and more.
And it was just this amazing, hyper-specialized, very expensive physical product.
Right? And then now, what I've seen over the last few years, is we moved further and further away, for one, from on-prem gear like physical firewalls and that kind of stuff, and more towards cloud-centric kind of technologies.
But also we're moving away from that hyper-specialization to something that sort of converges and consolidates capabilities.
And so that's the thing that's really exciting to me is as we moved over to this cloud model where everything, like all the fundamental stuff that you need out of a firewall or out of a server, that's all just handled under the hood now.
Now you can start talking about operationalization and managing all of this stuff.
Infrastructure is code, consolidating your capabilities. Now you can start to stick these capabilities together, like Lego blocks.
And so that's the thing that's really interesting in security now is there's a lot of these products out there that are almost like this amoeba that just grafts different capabilities from other really good bespoke tools for these certain use cases.
You just integrate with this API on this one tool and this other API on this other tool.
And now you have this super tool that combines the capabilities of both, right?
So some examples of that are the Cloud Native Application Protection Platforms or CNAPPs.
You know, those are, examples might be Wiz or Orca or Check Point's Dome9, those kinds of things that like, they do vulnerability management, but they don't do it just on that one layer like we used to deal with in just server patching for Rapid7 or whatever.
They're now looking at cloud configuration, they're looking at container pipelines, they're looking at code review, they're doing all of these other things at various layers of the stack to do that.
And the way they accomplish that is by interfacing with all these different APIs for all these different tools, consolidating all of that data together, and then giving you a much broader picture in one place.
In the old hyper-specialized world, we were having to go into ten separate consoles, all with their own conventions around UI, and you had to master these ten different things.
Isn't it great now that people are deploying these tools and all these tools have these APIs that allow you to access or even manage those tools from one place?
And you can build your own Python scripts if you want, but there's also people who are just building tools that integrate with other tools, and those things are really actually problem solvers for us, which actually leads me to the other one that I am seeing too is these cyber asset attack surface management tools, like Axonius, right?
That's one that we adopted a couple of years ago.
And we absolutely love this thing because what all Axonius does is it integrates with the APIs for like for ServiceNow and Rapid7 and Wiz and any other CMDB you can think of, any other security tool you can think of, it interfaces with all of them.
It brings all of that data in.
And now if my boss asks me, Hey, I need you to tell me how good of a coverage do we have on endpoint protection?
Well, now I can go query that one tool and say, well, according to this, in the last, of all the machines that were seen in the last 30 days, this many of them had endpoint protection installed and checking in, and this small percentage didn't.
Oh, well, we need to go fix those.
Right?
He asked me the same question three or four years ago when he first arrived. He's like, Hey, how good is our coverage for endpoint protection?
And I said, You want to give me a month?
Because I'm going to need to go pull a spreadsheet from ServiceNow, I'm going to go need to ask this other team that individually manages this, I'm going to need to sort all of that and all these spreadsheets, and then I'll do some data manipulation and I'll have to carve out the ones that we don't, that we think are stale records.
It was a huge process to just even figure out what assets do you own? It seems like a simple question, right?
It's not when you have all these different systems and all these different managers of all these different assets, it's actually a really hard question to answer.
So solutions like Axonius that can pull from many sources at once, they help us de-duplicate and get rid of the stale records and the cruft and now, day to day, without anyone manipulating a spreadsheet, I can look and see exactly how good our coverage is for endpoint protection and give them a report or send an alert or do something like that.
So those are the kinds of things that I think solve a lot of problems now, is this this convergence kind of stuff that just sticks a whole bunch of APIs together, like Lego blocks, and gives you this super capability.
That's the really interesting, neat stuff that security is doing now.
I mean, it's not only saving, it's not only making things easier, it's saving time and it's saving money.
I mean, to go from a month to an instant, instantaneous thing is pretty cool.
Yeah.
And you know, it's worth mentioning, too, that Cloudflare is also doing this in a way.
You're in a much more traditional space, I would say, doing CDN. Right?
That's sort of what put you on the map. But even Cloudflare, you're doing some consolidation and convergence, right?
You've now got a capability that directly competes with Zscaler, right?
You've got this thing that basically allows you to implement remote access anywhere in the globe because why?
You already have all this huge mesh network, you already have all these points of presence, you might as well leverage that for other stuff, right?
So again, even the more traditional players are doing things that are in this trend.
Yeah, that's great.
And really, on that same note, you know, we understand that cybersecurity is super important to organizations.
But what are your thoughts around how security is changing for an individual outside of work?
Yeah.
You know, I think the individual outside of work is sort of always about ten years behind what industry like cybersecurity people are doing or tech people are doing.
Or even certain government agencies. You know, a lot of us were adopting multifactor authentication years and years ago because we realized the password is dead and all that kind of stuff.
Security guys have been saying the password is dead for, I don't know, 20 or 30 years.
It's still not really dead.
A lot of people are just using single-factor, but it does seem like the big players, the Googles and the Facebooks and those of the world are now more and more, if not forcing people, strongly encouraging people to adopt multifactor authentication because they realize they are that one central point where if somebody gets hosed there in Google, now somebody can do a password reset on all the other things that report into their Gmail account and now they can take over all these other things.
So Gmail and Google, they realize that they are one of those central, like Achilles heels for their customers and now they're forcing them to adopt those security protocols or like letting them know, hey, somebody logged into your account from this weird device in China.
Why did that happen?
You know, I haven't been to China recently.
I'd want to know that as a consumer.
So those kinds of things are now being surfaced to the consumer where they were only really the concern of security guys ten years ago, 15 years ago.
Right?
And I think that's probably the biggest, most prominent example is MFA. I think consumers are a bit more savvy about phishing and stuff like that too.
I think there's a lot more regular, just by osmosis, people are talking about, Oh yeah, that scam that I saw or I see it on Facebook sometimes like, Oh yeah, don't respond to me, I got hacked or whatever.
That's not really me messaging you or somebody tried to get my MFA token.
They tried to send me this text message and I knew what that was.
I'm seeing people get more savvy.
They're just getting, they're almost being trained just by the media and just by their friends and everything else, whereas it just wasn't a topic that anyone besides security nerds was talking about ten and 15 years ago, which is the other big thing too.
The regular news cycle and media, they are constantly beating a drum around ransomware is a problem.
Nation-state hackers are a problem.
Someone could take down the power grid, you know, like whatever it is, we're seeing a lot more of that kind of stuff.
And so the consumers are just more aware, even if they're not, even if they don't understand the particulars of how it works, they understand that these threats exist and what it might mean to them as an impact.
Oh, if I get ransomware, if I get phished, it means I may just lose access to everything on my laptop.
I don't have to know how encryption works. I just need to know my laptop's a brick if I fall for this, you know?
So that's, I think they're just becoming more aware.
Yeah, it is a really good point.
Like, I don't know, five, ten years ago, we didn't have all of this insight into all of these breaches that were happening all over the world.
And now, I mean, not just with social media, but we're just more aware of all this stuff that's happening.
Well, it's also probably they're getting more savvy at breaking into all of these places, too.
But so it's not that we are getting, we're not getting dumber with it.
We're getting smarter.
Yeah, yeah.
It's just more part of the popular consciousness. Yeah, exactly.
And it's interesting that one of the examples you brought up here is when I got an email on Google alerting that, "Were you in Mexico trying to log in to your email?" So immediately I'm like, "No, I wasn't in Mexico." I need to change my email password right away because that wasn't me.
Or, you know, another good example, like you just said, Mexico.
And I was like, you could have been on a VPN.
There's another thing.
People who actually know what a VPN is and they're using one as consumers, right?
That was a thing we only did for corporate security back in the day.
Now, people, because they value their privacy, want to come through a VPN or they want to torrent their latest TV show.
I was going to say that's how I'm watching Peaky Blinders right now.
Right?
But you didn't hear it from me.
So I get it.
You know, like people are now talking about VPNs very commonly who are not tech security nerds at all.
You know, they just, it serves a purpose for them.
Security serves a purpose for the average consumer, where before, I think it was just kind of seen as a blocker.
It was kind of a pain in everyone's ass to like have to deal with whatever security protocol there was.
Oh, you have to have a strong password?
How am I going to remember that?
But now people like kind of accept you got to have a strong password and you should have MFA.
Well, we want it now.
Like we didn't really care before, but now it's like if we don't have it, we feel naked and exposed and we've been made to need it.
So, so moving on.
It was a great a great topic.
Can you give us an example of a company or a person who you think is doing a great job of of always staying that one step ahead of being creative, of innovating.
What are they doing and why do you think it's important for them to continue to do it in the space that they're in?
Yeah.
So I kind of went off on a tangent about them earlier, but they're worth revisiting.
Axonius is one of those tools that is kind of security adjacent. They're like, they're not a firewall, they're not antivirus, but they're helping us do, they're helping us master control 1.
So for those who are not familiar, there's the CIS controls.
I think they used to be called the CIS Top 20 controls.
I think they've rebranded it a little bit and now it's part of NIST, but the very top control for cybersecurity programs everywhere, according to CIS, is not firewalls or antivirus or admin privilege.
It is hardware inventory.
The most critical control anywhere for cybersecurity is hardware inventory.
It is knowing what you own, what's on your network. It's not the thing that most people would expect, but it is one of the most important things.
And so in order to comply with that and try and address that need of CIS 1, the most critical control, Axonius solves that problem really neatly for us because it can pull from all those different data sources and trim off the stuff that are stale records, are only seen by one system, and let us really focus and prioritize on the stuff that is actionable, really owned by us, you know, those kinds of things and has some kind of gap.
Oh, it didn't get endpoint protection or oh, they didn't deploy it from a secure image or whatever.
And by the way, it allows us to do that with accounts as well.
We can look and see, oh, you know, all these people who supposedly offboarded and should have had their Active Directory accounts go dark.
Well, I see that they still have active accounts in Salesforce, so they still have active accounts in all these other things.
To be able to just do that diff all in one place so that we can just see that list of users that didn't get de-provisioned correctly, right?
Those kinds of things.
Even though that's not a security-specific concern, somebody could just use that for their CMBB if they wanted to.
It really brings the security mission forward quite a lot.
So I love that they came out and did that and there's probably other people who are trying to do that or have built similar stuff, but that's the one that kind of came to our attention, that we adopted, that we've now built a whole program around that's really moved our program forward.
Now there's another one that I want to mention, only because it's kind of a hobby of mine, but I'm kind of a big VR nerd.
I'm really into like virtual reality and stuff like that.
I've been following it since the very first Oculus prototype came out in 2011 or whatever it is.
But I always thought that that was a really cool innovation. You know, the guy who invented that first, we'll say current generation virtual reality helmet, you know, Palmer Luckey, he was just a tinkerer, he was like 18 years old in his garage, realized that like phones that we have today, you know, the iPhones and the like that had a pretty high res screen and had a gyroscope and stuff in them, he realized they had all the technology in one device to actually bring VR forward because all you had to do was put that phone directly up in front of you, split the screen, you know, cut out all the rest of the excess light, and by the way, because it has accelerometers and a gyroscope, when you move your head, it knows how you moved your head.
And so we built this thing out of duct tape and wire and stuff, and he showed it off to John Carmack, who's famous for Doom.
Anyway, he showed it off to that guy.
And like that was the birth of modern VR, was this guy tinkering in a garage who realized that like you could tape a phone to your face and give it the right inputs and stuff, and you would get a pretty compelling stereoscopic 3D effect.
And it's gone a long way since that, since those early garage days already in just, what, ten years?
I totally forgot about that.
Yeah, I used to be in advertising and that was like nine, ten years ago.
Yeah, that was like a campaign that we were trying to sell to a customer.
Right?
Holding your phone up and like just seeing stuff in front of you that wasn't there.
I totally forgot about that.
Yeah.
Wow, we've come a long way. We have, right?
So I think that's really interesting. Cool.
People who innovate or think out of the box and build kind of stuff. As a matter of fact, again, Cloudflare is worth mentioning here, one of the reasons I like your company and some of the stuff you do and again, the way we've talked about culture in the past, you know.
I love that Cloudflare is doing things like the Green Compute Initiative, you know, so if that's a cause that's important to you or to your organization, you can go make sure that all your web pages and all your infrastructure and everything, your workers and your workloads are all operating on green- fed data farms and those kinds of things.
Like that's really cool.
And as a matter of fact, so this is kind of personal.
I live in San Luis Obispo County and that's one of the things that you have touted in the last, I don't know, few big slide decks over the last year, you donated services to the county of San Luis Obispo so that we could have the vaccine registration website.
So they had already built some kind of website, right, for the pandemic stuff.
And Cloudflare, I think, donated resources to the County of San Luis Obispo.
I used that website. My wife used that website. So it was really cool, actually, when I saw it in the deck, I was like, Oh, wait, County of San Luis Obispo.
Cloudflare did that.
Go Cloudflare. I know, my mom still sends me, if Cloudflare blocks her from doing something, she sends me a screenshot and "Cloudflare again." Good.
So I guess all this is to say that innovation doesn't just have to be like super interesting, deep technical, like you built a new gee whiz gadget.
It can also be like, how do we take the cool stuff that we have and make the world better?
It doesn't have to be deeply technical.
It can just be like, Oh yeah, we can donate our services to this site to get people vaccinated because we think that's important.
Or we can help our customers ensure that all of their compute is green because that's important.
That's innovation, too.
Yeah.
Totally. Right.
Now, I guess on a lighter note, on a personal level, are there any fun or interesting ways that you use your creativity in your everyday life to like, innovate and make things easier or better?
Yeah.
You know, I mean, it's weird. I don't have a lot of creative.
I don't write music, I don't write novels.
I don't feel like I'm very creative that way.
But I do have talents that I've developed over the years for like networking and technical stuff.
And so I like to use that kind of stuff sometimes to help people.
And I think maybe the only creative element there is I'm making it accessible to people who aren't otherwise technical.
So when I'm deploying a network for my home and then I'm also deploying the same kind of network gear for my kids' school, I actually empowered the lady who works at the front desk at the school to be able to check the traffic on the network and see, oh, if a wireless access point is down, it'll send her an email and she knows to go over to that room and just unplug the device and plug it back in again or whatever.
I can take things that are traditionally technical or a sysadmin required kind of task, and I can help average folks do that stuff or manage it.
And so I did.
I deployed a network for my kids' school and then I set up a central controller up at AWS so that my home network reports into it, the school network reports into it, and I can go into one place to go manage their network or pull a report about what's going on.
Oh, it looks like your access point in the lab went down. You may want to go reset that or whatever.
The school's IT guy.
Yeah, sort of.
Although it's funny, it was a Montessori school and my son has since moved on to junior high.
They're like, "Oh no, where's Pierce?" Junior high at the public school.
But I told him, yeah, I know because I love the school.
And I actually went to that Montessori when I was a kid.
So my parents know them.
So I still I still manage their network even though my son is no longer there by a year.
But that was one of the things, you know.
And the other stuff is my wife worked for several years in a home automation firm and so we're both very tech forward.
And she got access at cost to some really cool devices and gadgets and so she's very good at building out automation schemes for if you come home late at night, it'll turn on the hallway lights to dim and it'll lock the door behind you and it'll do stuff like that.
And my neighbor across the street is also kind of a nerd and he also has like hue lighting and home automation and stuff and he set up, I thought this was really clever, I want to adopt this, he set up light-based reminders for chores.
So like every Sunday, a blue light comes on by the back door and it means "Go take the trash out." And so like you can go take the trash out, know it's like an environmental visual reminder.
Yeah.
You know, so that kind of stuff, which I thought, that's pretty cool. That's kind of creative and innovative to just use your like hue lighting to help you keep a routine or do something like that.
So I guess those are kind of the things in my personal life.
Is he selling that to the greater population?
- I can name 30 things that I need that for.
- I don't remember what automation platform he uses, but he's using some commercial automation platform.
He's just, he's a coder so he's messing with it, you know.
Yeah, it reminds me of all those people that put up the Christmas lights, right.
And put all the lights to music.
Oh, right.
I've seen those YouTube videos. Yeah.
Okay. Well, Pierce, we're coming up to the end and thank you so much.
This was a great conversation.
Super fun.
We love that you're a Cloudflare innovator.
You have great insights and love chatting with you.
Appreciate it.
Thanks for the time. Thanks for hosting me today.
Absolutely.
And for everyone watching, if you'd like to know more about the Innovator program, you can find the link down below in the description to learn more.
Hi.
We're Cloudflare. We're building one of the world's largest global cloud networks to help make the Internet faster, more secure and more reliable.
Meet our customer FindLaw.
FindLaw is a Thomson Reuters company.
They're a digital marketing agency for law firms.
Their primary goal is to provide cost-effective marketing solutions for their customers.
My name's Teresa Jurisch.
I'm a lead security engineer at Thomson Reuters.
Hello.
My name is Jessie Haraldson. I'm a senior architect for FineLaw, a Thomson Reuters business.
So, as the lead security engineer, I get to do anything and everything related to security, which is interesting.
FindLaw's primary challenge was to be able to maintain the scale and volume needed to onboard thousands of customers and their individual websites.
So the major challenge that led us to using Cloudflare is Google was making some noises around emphasizing SSL sites.
They were going to modify the Chrome browser to mark sites that weren't SSL as non-secure.
We wanted to find a way to, at scale, move 8500 sites to SSL reasonably quickly. And doing that to scale up, to speed with our operations, it needed to be something that was seamless, it needed to be something that just happened.
We had tried a few different things previously and it was not going well and we tried out Cloudflare and it worked just kind of out of the gate.
Like us, FindLaw cares about making security and performance a priority, not only for their customers but for their customers' customers.
Faster web performance means having customers who actually continue to sites. It means having customers who maintain and go with the sites.
65% of our customers are seeing faster network performance due to Argo.
So that's an extremely important thing.
The performance, the accuracy, the speed of that site fronted by Cloudflare is super essential in getting that connection made.
I like the continued innovation and push that Cloudflare brings.
And Cloudflare is amazing.
Cloudflare is such a relief.
With customers like Thomson Reuters' FindLaw and over 10 million other domains that trust Cloudflare with their security and performance, we're making the Internet fast, secure and reliable for everyone.
Cloudflare.
Helping Build a Better Internet.