RSA Conference 2024 | Harold Rivas | Trellix

Clips
News
More from RSA Conference 2024

Harold Rivas

CISO

Trellix

Risk management strategies: Trellix CISO, Harold Rivas, discusses combating organized bad actors

As companies navigate the benefits and challenges of rapidly evolving technologies, prioritizing risk management has become crucial.The security industry is experiencing significant disruption, driven by the need for improved efficiency and continued investment in combating organized bad actors. The industry faces an “arms race” against increasingly sophisticated threats. This landscape demands that companies not only bolster security operations but also invest in new capabilities to stay ahead, according to Harold Rivas (pictured), chief information security officer of Trellix (Musarubra US LLC).Trellix CISO Harold Rivas talks to theCUBE about technology and risk management

play_circle_outline The Rise of GenAI: An Interview with Harold Rivas, CISO of Trellix, and Its Implications in Cybersecurity

play_circle_outline Importance of CISOs defining themselves as enablers of the business.

play_circle_outline Sector-specific GenAI adoption strategies to address unique vulnerabilities.

play_circle_outline The Rising Demand for Best-of-Breed Solutions and Consolidation in Security Stack: Implications for Budgets

Info

Harold Rivas | Trellix

Harold Rivas

CISO Trellix

search

>> Hello and welcome back to theCUBE's live coverage coming to you from RSAC here in San Francisco. We are talking all things security and AI and compliance and all those exciting things. Today I'm joined by my colleague Dave Vellante, also David Linthicum, and we are joined for our conversation today by Harold Rivas, who's the CISO of Trellix. Welcome. It's so great to have you.

>> Thank you so much for having me. Appreciate that.

>> Absolutely. So talk with us a little bit about Trellix.

>> Trellix is a global cybersecurity company. I lead the internal program, but I also get to connect with our customers worldwide. It's a very large enterprise. It's supporting multiple vectors, multiple industries, including some of the largest militaries in the world.

>> Oh, sounds very cool. Well, you have a big announcement that you made here at RSAC with some research that you published, and I love your concept here. It's getting into the mind of the CISO, decoding the GenAI impact, which is on every person's mind today. And I love that your subtitle was the CISO's Perspective of GenAI, the Strange Case of Dr. Jekyll and Mr. Hyde. Okay, come on, lay it on us.

>> Well, I think we really are at the precipice of a major, major disruption in our industry. We have both an opportunity and a risk. We have an opportunity to dramatically improve the efficiency of security operations teams out there, but we're also confronted with the fact that our bad actors are going out there mobilizing, getting organized, and finding new and effective ways to attack organizations. So there is quite a bit of an arms race. We're absolutely making the investments. We're looking at and have recently released capabilities that we think will help those operators. And it's only the beginning. We're going to continue to double down and find new and optimized ways to help those defenders because they need it.

>> Well, we have to. As an industry, we have to. We talk about this a lot. The threat actors are deeply motivated. Their motivation to learn all things related to GenAI is probably greater than the rest of ours, simply because there's money at the end of that rainbow. So there's no time to waste. There are a lot of questions to answer, and so it is a really challenging time for customers. What are you hearing? Really, what's top of mind for your CISO customers as you're having these conversations?

>> Yes. At the end of the day, I think we're all confronted with the reality that it is here, and it's here to stay. The challenges for CISOs are not only what are the bad actors doing to mobilize, and how do I keep an eye on what I don't know about their new capabilities, but what is my enterprise doing, and how do I effectively govern this new capability? What are the right steps to influence the organization while, of course, what I like to say, is the role of the CISO, is still being written. It's not totally clear to many organizations exactly where and how to leverage a CISO. I think CISOs everywhere should be leaning into this as an opportunity to define themselves as an enabler of the business, as someone who can really transform the business, while at the same time benefiting from the fact that they then get to manage the risk more effectively. So, for CISOs everywhere, I think we're all really concerned, but I'm optimistic. I'm optimistic about, of course, where I sit I get to see how defenders are mobilizing, how we're taking steps to try and make the fight stronger for the defenders. So it is one of these things where we will have to wait and see a little bit and just see how those creative actors get to work.

>> I could have this conversation with you, and if you told me you're the CIO, I would say, "Oh, yep, makes sense. What you're saying resonates with me." There's an age-old debate where should the CISO report? They shouldn't report to the CIO. That's the fox in the henhouse situation. That should be the CIO or whatever. But I do see those roles coming together. In fact, there's some companies, CISO and the CIO are one role. Snowflake is an example. SunnyBetty, is an example. What struck me in the survey, it's a couple of things, one is GenAI has improved the productivity of the workforce by an average at 38%, according to CISOs. I'm inferring that's not a SecOps specific figure; that's company-wide, as you said, focus on the business connecting to the business. First of all, you're confirming that's the case. Second of all, that's a huge number.

>> That's right.

>> Where do you think that comes from?

>> I think that efficiencies, it's a really fascinating component of what GenAI is bringing to the table in that it really allows that knowledge worker that capability to be distilled into a set of processes and techniques that can then, of course, be automated. So we will see massive disruption across multiple markets. This is just the beginning. I think that that 38% is really low. I think over the next 12, 24, 36 months, we're going to continue to see that number increase as organizations look at how do I best deploy this capability? Where is it going to be the most disruptive? And of course, what are my competitors doing that are getting accelerated benefits from these capabilities? So for us, we're going to look at knowledge work and find ways that we can accelerate. There's a concept of a 10X developer in the technology world. The idea that there are specialized individuals that have far excessive capabilities relative to their peers. Why don't we have 10X accountants, 10X lawyers, 10X, you name it? Because those capabilities just I don't think have been there. I think that GenAI will create that construct; the idea of this person is just 10 times more efficient, more effective than their peer.

>> It's interesting you say that number is low. We were at, I think it was the UiPath show, Shelley, last October. Erik Brynjolfsson is an MIT professor, CUBE alum, author of The Second Machine Age with Andy McAfee, said he'd be disappointed if the productivity numbers didn't double from say 2% to 4% globally as a direct result of GenAI. So that would put this 38% to shame, to your point. The other thing that stood out was a significant portion of CISOs over 90%, 92% actually, said the critical need for sector-specific GenAI adoption strategies to address unique vulnerabilities. So two things going on there. It fits the GenAI power law that we developed a couple of years ago, which we talked about domain specific GenAI. So there's two pieces there. One is the business applying GenAI for very specific, maybe they're smaller language models, but also bringing different security requirements. I wonder if you could elaborate.

>> Absolutely. Happy to. We had an interesting, fascinating set of conversations over dinner last night with a variety of different sector CISOs, and we found how common our challenges are. But when you really start to dig into it, the technologies and the capabilities that enable a business, a water treatment system for example, as opposed to, let's say, a set of ATMs, they're going to be very discrete and unique pieces of capabilities that are enabled through each one of these. And those operators, those people living and breathing the defense of those organizations, business-resilient objectives of those organizations, are well-versed in that. They understand that what's true for GenAI, for knowledge workers, let's say, is going to be different if you're talking about a hospital system where I can't go and deploy new capabilities overnight. So the sector-specific construct, I think, is really important. We need to think about how it's going to impact each organization and therefore, introduce capabilities, guidance for that specific industry. I think that's a really important call-out.

>> I wonder if I could ask you about the cultural impacts of that. When I think about water treatment systems and critical infrastructure, these are systems that are generally run by engineers, not IT people. We've talked a lot this week about the IT and the OT convergence. How do you think about, from a CISO perspective, of bringing those two worlds together so that it's not friction, so that you can align them for the objectives? Are there cultural tips, tricks, best practices that you'd advise?

>> I certainly would encourage CISOs everywhere that if it's within your organization's scope, start to get curious about, and I think it's happening. At earlier points in our trajectory, we were focused on our corporate security and protecting employees, and someone else was worried about making sure those systems ran. Of course, with operational technology risks, with hospital system ransomware cases, we're understanding that all of these systems can be leveraged towards bad actors' objectives. In our keynote, our CEO and myself covered space as a new vector that CISOs are approaching day in and day out. This is effectively the new domain, a new area of focus. So as the role is still unwritten, we're going to continue to expand our understanding of what are the techniques and methods we need to employ to protect those capabilities,

>> Land, air, sea, space, and then cyber orthogonal throughout it.

>> That's right, and now we have the sixth, the private sector, us, which is a new domain of warfare.

>> Right, right. What are you seeing amongst your colleagues on budgets, our numbers, and our partner, ETR? Average IT budgets increasing about mid-3s call it 3-1/2% this year. The security budgets are increasing much faster. Probably 3X?

>> Yes.

>> What are you seeing? Is that sort of a line?

>> It is. What I would say is that this is the age-old challenge of compression, IT budgets, reduction in IT budgets, and then needing to advocate separately, creating the right kinds of relationships to understand that while IT budgets might sometimes need to compress as a function of market forces, the risk oftentimes is only going up. So having a platform to have the conversation with your boards, with your executive committee that allows for you to recognize that the threats are not reducing, it's only getting worse, and therefore special carve-outs for dedicated security budgets are going to be needed. But yes, very much in line with what I'm seeing.

>> With our partners, ETR, we did a piece of research prior to RSA just to get a sense. It was not a huge end. It was 321 CISOs, half of which are attending. And the question was, in the next 12 months, are you going to increase or decrease or stay the same, the number of vendors in your security stack? We were not surprised that the number was increasing. We were a little surprised that it was 51% said it was increasing and only 9% said it was decreasing. And of those, only 6% in the total survey said consolidation is a specific approach to decreasing the number of vendors. Does any of that surprise you?

>> No, not at all. I think that if I look at, as an operator, I have a career that's 25 years in the making now, largely in financial services, one of the realities is we're all focused now on undoing our own mess. We've gone in and deployed countless capabilities, point solutions over the course of a decade plus. We had an identity problem; we deployed an identity solution. We had a phishing problem; we deployed a phishing solution. Managing all of that, 70 to 80 different products is a nightmare for CISOs because you need to retain technology-capable resources that know how to deal with those products. So for us, looking at a consolidation play is going to be absolutely essential to gaining efficiencies, to gaining quicker responses. That's where we see the market going. That's why Trellix is really strategically oriented towards that platform.

>> And is that what you see on average, 70 to 80 tools installed in these large companies?

>> In my last organization, I had 73. So it is spot on. We've surveyed over 500 CISOs worldwide. It's remarkably consistent. Your data, I think also points to a couple of underlying factors. Depending on where in the world you are, there's varying maturity and understanding of cyber risk. Across Latin America, I think there's an increasing awareness. There's some governments that are certainly making appropriate efforts in this regard. But what we have seen is the absence of legal frameworks and guidance has created a real difficulty for CISOs, because if they don't have some external force, there's a single voice in that executive room saying, we really need to recognize this risk, and it's really a difficult thing. I've seen some areas where those numbers might be higher depending on where you are. Perhaps Asia-Pac, perhaps Latin America, it might be a higher number of individuals that are seeing their budgets decrease.

>> We're going to double-click on that because you can't slice the salami too much in these smaller surveys. What about the age-old debate? Because we went back to these folks and said, "Well, why? Why are you increasing?" They said two reasons. One is we need more tools to fill the gaps. And second, which is related, is we got to have best-of-breed. Is that true? From a CISOs perspective, stepping back, do you need best-of-breed? Do you need that, I must say, shiny new toy? It sounds like a pejorative. I don't mean it as a pejorative, but you know what I mean.

>> I absolutely know what you mean.

>> I feel like you've been asked this question before.

>> No, it's the reality I've lived. I can now see CISOs step into an organization, evaluate the program, and make determinations about what do I need, what's been successful in the past, and how do I get there? If you've done that a couple of times over, what you find is I need the glass of milk. I don't need the cow. I don't need all the capability. I need a control that works, and is consistent. It can be best-of-breed, it cannot, but ultimately, it needs to deliver a consistent capability for me so that I can move on and focus on other areas of my overall responsibilities. The desire to go and selectively identify the very best tool in each possible category, I think, is something that is eroding as CISOs really are challenged with, now, how am I going to support that? How do I have the resources always aligned for this incredible mix of capabilities? This is what's giving rise to this recognition. We need platforms. We need things that work consistently, work well together. That's the only way we can fight this fight, because CISOs are taking their eye off of day-to-day operational activities to focus on how is the legal and regulatory landscape changing? How do I influence my board? How do I have the right conversation about budgets? They cannot be spending their days focused on do I have the right person to run this particular tool day-in and day-out?

>> But how hard is it to change? If we have adopted this practice... I did an event a couple of weeks ago that was a composable commerce-focused event. Composable commerce, the theory there makes a lot of sense. You can just plug in the units that you need, and it's quick to scale and quick to deploy, and all that is music to everyone's ears. So it seems like a little bit of what we've done thus far is kind of a composable approach to our cybersecurity architecture and our stack. But when we've got those 70 different tools plugged in, how difficult is it to say, "Oh, we're going to shift to a platform? I mean, that seems like it could be a daunting challenge.

>> It can be depending on the organizational dynamics. I'll admit that. Because, oftentimes, across those 70 products, you might have a variety of different stakeholders. You might have individual constituents that need to be consulted. So from an implementation strategy perspective. But I would say that CISOs have an imperative. Ultimately, coming back to that glass of milk, what I'm after is how do I contain that risk as quickly as possible? How do I reduce the number of alerts that my team has to deal with? So there is a carrot on the other side of fighting through consolidation, reduction, and simplification of my portfolio so that I can have few individuals that are highly specialized, highly trained on those capabilities, on that platform, as opposed to having somebody who just focuses on one of those 72, 73 different products.

>> Yeah. Well, that makes perfect sense.

>> Yeah.

>> Well, Harold Rivas, CISO of Trellix, thank you so much for popping on theCUBE today. It's been great having you.

>> Great to have you.

>> I'm sure this is the first of many conversations that we'll have. And for our viewing and listening audience, thanks for joining us here at RSAC in San Francisco. Keep it on theCUBE for all the news coming out of this event.

Harold Rivas | Trellix

search

>> Hello and welcome back to theCUBE's live coverage coming to you from RSAC here in San Francisco. We are talking all things security and AI and compliance and all those exciting things. Today I'm joined by my colleague Dave Vellante, also David Linthicum, and we are joined for our conversation today by Harold Rivas, who's the CISO of Trellix. Welcome. It's so great to have you.

>> Thank you so much for having me. Appreciate that.

>> Absolutely. So talk with us a little bit about Trellix.

>> Trellix is a global cybersecurity company. I lead the internal program, but I also get to connect with our customers worldwide. It's a very large enterprise. It's supporting multiple vectors, multiple industries, including some of the largest militaries in the world.

>> Oh, sounds very cool. Well, you have a big announcement that you made here at RSAC with some research that you published, and I love your concept here. It's getting into the mind of the CISO, decoding the GenAI impact, which is on every person's mind today. And I love that your subtitle was the CISO's Perspective of GenAI, the Strange Case of Dr. Jekyll and Mr. Hyde. Okay, come on, lay it on us.

>> Well, I think we really are at the precipice of a major, major disruption in our industry. We have both an opportunity and a risk. We have an opportunity to dramatically improve the efficiency of security operations teams out there, but we're also confronted with the fact that our bad actors are going out there mobilizing, getting organized, and finding new and effective ways to attack organizations. So there is quite a bit of an arms race. We're absolutely making the investments. We're looking at and have recently released capabilities that we think will help those operators. And it's only the beginning. We're going to continue to double down and find new and optimized ways to help those defenders because they need it.

>> Well, we have to. As an industry, we have to. We talk about this a lot. The threat actors are deeply motivated. Their motivation to learn all things related to GenAI is probably greater than the rest of ours, simply because there's money at the end of that rainbow. So there's no time to waste. There are a lot of questions to answer, and so it is a really challenging time for customers. What are you hearing? Really, what's top of mind for your CISO customers as you're having these conversations?

>> Yes. At the end of the day, I think we're all confronted with the reality that it is here, and it's here to stay. The challenges for CISOs are not only what are the bad actors doing to mobilize, and how do I keep an eye on what I don't know about their new capabilities, but what is my enterprise doing, and how do I effectively govern this new capability? What are the right steps to influence the organization while, of course, what I like to say, is the role of the CISO, is still being written. It's not totally clear to many organizations exactly where and how to leverage a CISO. I think CISOs everywhere should be leaning into this as an opportunity to define themselves as an enabler of the business, as someone who can really transform the business, while at the same time benefiting from the fact that they then get to manage the risk more effectively. So, for CISOs everywhere, I think we're all really concerned, but I'm optimistic. I'm optimistic about, of course, where I sit I get to see how defenders are mobilizing, how we're taking steps to try and make the fight stronger for the defenders. So it is one of these things where we will have to wait and see a little bit and just see how those creative actors get to work.

>> I could have this conversation with you, and if you told me you're the CIO, I would say, "Oh, yep, makes sense. What you're saying resonates with me." There's an age-old debate where should the CISO report? They shouldn't report to the CIO. That's the fox in the henhouse situation. That should be the CIO or whatever. But I do see those roles coming together. In fact, there's some companies, CISO and the CIO are one role. Snowflake is an example. SunnyBetty, is an example. What struck me in the survey, it's a couple of things, one is GenAI has improved the productivity of the workforce by an average at 38%, according to CISOs. I'm inferring that's not a SecOps specific figure; that's company-wide, as you said, focus on the business connecting to the business. First of all, you're confirming that's the case. Second of all, that's a huge number.

>> That's right.

>> Where do you think that comes from?

>> I think that efficiencies, it's a really fascinating component of what GenAI is bringing to the table in that it really allows that knowledge worker that capability to be distilled into a set of processes and techniques that can then, of course, be automated. So we will see massive disruption across multiple markets. This is just the beginning. I think that that 38% is really low. I think over the next 12, 24, 36 months, we're going to continue to see that number increase as organizations look at how do I best deploy this capability? Where is it going to be the most disruptive? And of course, what are my competitors doing that are getting accelerated benefits from these capabilities? So for us, we're going to look at knowledge work and find ways that we can accelerate. There's a concept of a 10X developer in the technology world. The idea that there are specialized individuals that have far excessive capabilities relative to their peers. Why don't we have 10X accountants, 10X lawyers, 10X, you name it? Because those capabilities just I don't think have been there. I think that GenAI will create that construct; the idea of this person is just 10 times more efficient, more effective than their peer.

>> It's interesting you say that number is low. We were at, I think it was the UiPath show, Shelley, last October. Erik Brynjolfsson is an MIT professor, CUBE alum, author of The Second Machine Age with Andy McAfee, said he'd be disappointed if the productivity numbers didn't double from say 2% to 4% globally as a direct result of GenAI. So that would put this 38% to shame, to your point. The other thing that stood out was a significant portion of CISOs over 90%, 92% actually, said the critical need for sector-specific GenAI adoption strategies to address unique vulnerabilities. So two things going on there. It fits the GenAI power law that we developed a couple of years ago, which we talked about domain specific GenAI. So there's two pieces there. One is the business applying GenAI for very specific, maybe they're smaller language models, but also bringing different security requirements. I wonder if you could elaborate.

>> Absolutely. Happy to. We had an interesting, fascinating set of conversations over dinner last night with a variety of different sector CISOs, and we found how common our challenges are. But when you really start to dig into it, the technologies and the capabilities that enable a business, a water treatment system for example, as opposed to, let's say, a set of ATMs, they're going to be very discrete and unique pieces of capabilities that are enabled through each one of these. And those operators, those people living and breathing the defense of those organizations, business-resilient objectives of those organizations, are well-versed in that. They understand that what's true for GenAI, for knowledge workers, let's say, is going to be different if you're talking about a hospital system where I can't go and deploy new capabilities overnight. So the sector-specific construct, I think, is really important. We need to think about how it's going to impact each organization and therefore, introduce capabilities, guidance for that specific industry. I think that's a really important call-out.

>> I wonder if I could ask you about the cultural impacts of that. When I think about water treatment systems and critical infrastructure, these are systems that are generally run by engineers, not IT people. We've talked a lot this week about the IT and the OT convergence. How do you think about, from a CISO perspective, of bringing those two worlds together so that it's not friction, so that you can align them for the objectives? Are there cultural tips, tricks, best practices that you'd advise?

>> I certainly would encourage CISOs everywhere that if it's within your organization's scope, start to get curious about, and I think it's happening. At earlier points in our trajectory, we were focused on our corporate security and protecting employees, and someone else was worried about making sure those systems ran. Of course, with operational technology risks, with hospital system ransomware cases, we're understanding that all of these systems can be leveraged towards bad actors' objectives. In our keynote, our CEO and myself covered space as a new vector that CISOs are approaching day in and day out. This is effectively the new domain, a new area of focus. So as the role is still unwritten, we're going to continue to expand our understanding of what are the techniques and methods we need to employ to protect those capabilities,

>> Land, air, sea, space, and then cyber orthogonal throughout it.

>> That's right, and now we have the sixth, the private sector, us, which is a new domain of warfare.

>> Right, right. What are you seeing amongst your colleagues on budgets, our numbers, and our partner, ETR? Average IT budgets increasing about mid-3s call it 3-1/2% this year. The security budgets are increasing much faster. Probably 3X?

>> Yes.

>> What are you seeing? Is that sort of a line?

>> It is. What I would say is that this is the age-old challenge of compression, IT budgets, reduction in IT budgets, and then needing to advocate separately, creating the right kinds of relationships to understand that while IT budgets might sometimes need to compress as a function of market forces, the risk oftentimes is only going up. So having a platform to have the conversation with your boards, with your executive committee that allows for you to recognize that the threats are not reducing, it's only getting worse, and therefore special carve-outs for dedicated security budgets are going to be needed. But yes, very much in line with what I'm seeing.

>> With our partners, ETR, we did a piece of research prior to RSA just to get a sense. It was not a huge end. It was 321 CISOs, half of which are attending. And the question was, in the next 12 months, are you going to increase or decrease or stay the same, the number of vendors in your security stack? We were not surprised that the number was increasing. We were a little surprised that it was 51% said it was increasing and only 9% said it was decreasing. And of those, only 6% in the total survey said consolidation is a specific approach to decreasing the number of vendors. Does any of that surprise you?

>> No, not at all. I think that if I look at, as an operator, I have a career that's 25 years in the making now, largely in financial services, one of the realities is we're all focused now on undoing our own mess. We've gone in and deployed countless capabilities, point solutions over the course of a decade plus. We had an identity problem; we deployed an identity solution. We had a phishing problem; we deployed a phishing solution. Managing all of that, 70 to 80 different products is a nightmare for CISOs because you need to retain technology-capable resources that know how to deal with those products. So for us, looking at a consolidation play is going to be absolutely essential to gaining efficiencies, to gaining quicker responses. That's where we see the market going. That's why Trellix is really strategically oriented towards that platform.

>> And is that what you see on average, 70 to 80 tools installed in these large companies?

>> In my last organization, I had 73. So it is spot on. We've surveyed over 500 CISOs worldwide. It's remarkably consistent. Your data, I think also points to a couple of underlying factors. Depending on where in the world you are, there's varying maturity and understanding of cyber risk. Across Latin America, I think there's an increasing awareness. There's some governments that are certainly making appropriate efforts in this regard. But what we have seen is the absence of legal frameworks and guidance has created a real difficulty for CISOs, because if they don't have some external force, there's a single voice in that executive room saying, we really need to recognize this risk, and it's really a difficult thing. I've seen some areas where those numbers might be higher depending on where you are. Perhaps Asia-Pac, perhaps Latin America, it might be a higher number of individuals that are seeing their budgets decrease.

>> We're going to double-click on that because you can't slice the salami too much in these smaller surveys. What about the age-old debate? Because we went back to these folks and said, "Well, why? Why are you increasing?" They said two reasons. One is we need more tools to fill the gaps. And second, which is related, is we got to have best-of-breed. Is that true? From a CISOs perspective, stepping back, do you need best-of-breed? Do you need that, I must say, shiny new toy? It sounds like a pejorative. I don't mean it as a pejorative, but you know what I mean.

>> I absolutely know what you mean.

>> I feel like you've been asked this question before.

>> No, it's the reality I've lived. I can now see CISOs step into an organization, evaluate the program, and make determinations about what do I need, what's been successful in the past, and how do I get there? If you've done that a couple of times over, what you find is I need the glass of milk. I don't need the cow. I don't need all the capability. I need a control that works, and is consistent. It can be best-of-breed, it cannot, but ultimately, it needs to deliver a consistent capability for me so that I can move on and focus on other areas of my overall responsibilities. The desire to go and selectively identify the very best tool in each possible category, I think, is something that is eroding as CISOs really are challenged with, now, how am I going to support that? How do I have the resources always aligned for this incredible mix of capabilities? This is what's giving rise to this recognition. We need platforms. We need things that work consistently, work well together. That's the only way we can fight this fight, because CISOs are taking their eye off of day-to-day operational activities to focus on how is the legal and regulatory landscape changing? How do I influence my board? How do I have the right conversation about budgets? They cannot be spending their days focused on do I have the right person to run this particular tool day-in and day-out?

>> But how hard is it to change? If we have adopted this practice... I did an event a couple of weeks ago that was a composable commerce-focused event. Composable commerce, the theory there makes a lot of sense. You can just plug in the units that you need, and it's quick to scale and quick to deploy, and all that is music to everyone's ears. So it seems like a little bit of what we've done thus far is kind of a composable approach to our cybersecurity architecture and our stack. But when we've got those 70 different tools plugged in, how difficult is it to say, "Oh, we're going to shift to a platform? I mean, that seems like it could be a daunting challenge.

>> It can be depending on the organizational dynamics. I'll admit that. Because, oftentimes, across those 70 products, you might have a variety of different stakeholders. You might have individual constituents that need to be consulted. So from an implementation strategy perspective. But I would say that CISOs have an imperative. Ultimately, coming back to that glass of milk, what I'm after is how do I contain that risk as quickly as possible? How do I reduce the number of alerts that my team has to deal with? So there is a carrot on the other side of fighting through consolidation, reduction, and simplification of my portfolio so that I can have few individuals that are highly specialized, highly trained on those capabilities, on that platform, as opposed to having somebody who just focuses on one of those 72, 73 different products.

>> Yeah. Well, that makes perfect sense.

>> Yeah.

>> Well, Harold Rivas, CISO of Trellix, thank you so much for popping on theCUBE today. It's been great having you.

>> Great to have you.

>> I'm sure this is the first of many conversations that we'll have. And for our viewing and listening audience, thanks for joining us here at RSAC in San Francisco. Keep it on theCUBE for all the news coming out of this event.