Join Justin Brodley and Jonathan Baker on TCP Talks our show where we interview industry leaders, vendors, and technologists about Cloud Computing, Robotics, Finops, and more.
The Service Not the Software: Anthony Lye on Evolution and Revolution
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Anthony Lye, Executive Vice President and General Manager of NetApp’s Public Cloud Services Business Unit. An industry veteran for over 25 years, Anthony has been at the forefront of cloud innovation for over half this time.
Anthony shares his insight on the importance of embracing disruption in the tech industry. He discusses how NetApp seized the right opportunities, got lucky, and came to dominate the Cloud space — even while younger app developers may have no idea what it was.
"They don't comprehend — nor should they — the complexities of infrastructure,” Anthony explains. “And I really love the fact that we've been able to democratize ONTAP, because it's cool, but you’ve got to be really smart to get the best out of it. And so we just decided we would be the smart ones.”
What’s really behind innovation in tech? “The context is where you are. And people like to think that the world operates through evolution. And sometimes it's revolution –- sometimes, you have to do something radically different.”
Anthony also discusses cloud computing trends, the importance of customer focus, what NetApp does differently, and the multi-cloud.
👉 Name: Anthony Lye
👉 What he does: Anthony is Executive Vice President and General Manager of the Public Cloud Services business for NetApp
👉 Key quote: “You’ve got to put the customer in the middle of your business. And you’ve got to go where they want you to go. If you don't, your hold may last a while, but it won't last. And I still can't believe that what we did we got away with, and we've gotten so much time to build so aggressively. It's great.”
👉 Where to find him: LinkedIn
🚨 There are two halves of the cloud space: the IT half and the app half. IT people see huge opportunities in extending data centers. App people want to and can build and run their own stacks, and Anthony took advantage of this. “They don't have to wait for the IT people,” Anthony says. “And I wanted to build something for them — I didn't want to just hang out on the IT side. I went and asked a whole bunch of application people: what do you need?”
🚨 NetApp spies huge business growth potential on the horizon with recurring revenues. “Recurring revenues are the best kinds of revenues you can get,” Anthony clarifies. But people don’t always consider this. “Because they're different, they sort of ignore them — they don't like them. And before they know it, they're years behind and caught. And passed as if they're standing still.”
🚨 The customer is and always should be focused on as front and center of any business. For NetApp, the software and implementation are the same, but the unique integrations are what makes the service stand out. With SaaS, it’s now the second “S” — the service — that matters most. “The rule of SaaS is the other Henry Ford thing: you can have it in any color you want, as long as it's black,” Anthony says. “We're going to run it for you as a service, and you're going to love it”, NetApp tells customers, increasing developer productivity and providing a much higher release cadence.
Here's what was mentioned in the episode 👉
✔️ ARM: the most widely used family of instruction set architectures with over 200 billion ARM chips produced.
✔️ CloudCheckr: an end-to-end cloud management platform with cost, security, resource and service functionality.
✔️ CI/CD (continuous integration/continuous delivery): software development approaches often used in tandem for rapid code delivery and deployment.
✔️ Databricks: a data warehouse and machine learning company.
✔️ Elastic Block Service (EBS): an AWS scalable block service.
✔️ EMC: Dell’s hybrid cloud solution.
✔️ Filament: a cloud-native platform for data analysis.
TCP Talks: Monolith to Microservices: Jonathan Heiliger on Modern IT Service Management
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Jonathan Heiliger, co-founder and partner at Vertex Ventures: an early-stage venture capital firm backing innovative technology entrepreneurs.
Earlier in his career, at just 19, Jonathan co-founded web hosting provider GlobalCenter and served as CTO. He went on to hold engineering roles at Walmart and Danger, Inc., the latter of which was acquired by Microsoft. He was also Vice President of Infrastructure and Operations at Facebook (now Meta), and a general partner at North Bridge Ventures. The latter firm’s portfolio included Quora, Periscope, and Lytro (which has been acquired by Google.)
At Vertex Ventures, Jonathan has helped cutting-edge companies like LaunchDarkly and OpsLevel revolutionize the tech space with continuous delivery and IT service management solutions. Jonathan shares his insights into the shifting market of IT services and explains why decentralizing infrastructure management can help digitally native companies operate at a faster pace.
According to Jonathan, the question of IT service infrastructure isn’t being adequately addressed. Without properly defining service ownership, businesses looking to scale run the risk of siloing critical knowledge, and losing track of services networks.
Jonathan also discusses his own experiences running infrastructure at Facebook (oops, Meta), the merits of both centralized and decentralized IT services management, and how he and his partners at Vertex Ventures approach new investments.
👉 Name: Jonathan Heiliger
👉 What he does: Jonathan is a co-founder and partner at Vertex Ventures, an early stage venture capital firm that backs B2B software entrepreneurs. He held his first CTO role at 19, and has previously worked for Walmart; Danger, Inc.; Facebook (soon to be known as Meta); and North Bridge Ventures.
👉 Key quote: “We need systems to help us build bridges from the world of paper-based and in-memory to scaling to tens and then hundreds of microservices. It’s that pain point of tracking all the info about apps and their services, dependencies, ownership and versions that I think is this big problem lurking below the surface.”
👉 Where to find him: LinkedIn | Twitter
🚨 As companies rely on an increasing number of IT services, Jonathan says that it’s imperative that technology leaders establish ownership of IT service management, and meticulously track their software and vendor partners.
According to Jonathan, this kind of IT management is still done in a fairly rudimentary way, even for larger companies. “Every engineering team — even the most well run engineering orgs — the majority of them use Excel spreadsheets to track who owns what service, and even what services may talk to one another,” he says. He sees this as a big problem that’s going to catch up with companies one day.
🚨 When considering whether a centralized or decentralized IT management service infrastructure is best for you, Jonathan suggests doing a deep dive on your business objectives.
For example, digitally native businesses, which rely on a vast network of microservices, might work better with a decentralized infrastructure. Non-digitally native brands, on the other hand, might benefit from a centralized system to ensure continuity in the technology.
🚨 Avoiding vendor lock-in — i.e. becoming too dependent on a single service provider — is critical in keeping your business flexible and agile, but it can be tricky. Jonathan describes a situation at Facebook where vendor lock-in became a problem. The solution the company settled on involved bringing data center creation and management in-house.
He argues, “the biggest way to manage vendor lock-in is through open source and through open communities.”
Here's what was mentioned in the episode 👉
✔️ Vertex Ventures: an early stage venture capita
Josh Stella on How Security Automation is Changing the Game in the Cloud
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Josh Stella, co-founder and CEO of Fugue, a cloud security company that helps businesses run faster on the cloud without breaking any rules.
Josh shares insights from Fugue’s State of Cloud Security 2021 Report, and highlights key themes, including preventative security measures, automation, and engineering-first compliance.
According to the report, within the next two years, all but 1% of security breaches will be caused by misconfiguration of cloud resources. Josh and his team at Fugue aim to minimize these mistakes by simplifying cloud security through a systems-based approach.
One way to streamline security, Josh notes, is to take advantage of automation. With cloud environments becoming increasingly complex, relying on pure knowledge will soon be untenable. Josh urges business leaders to embrace automation to reduce the risk of human error in their security systems.
Josh also discusses how businesses can declutter security tech stacks, the “land grab” happening in the cloud, and trends he predicts will shape the future of cloud compliance.
👉 Name: Josh Stella
👉 What he does: Josh is the co-founder and CEO at Fugue, a cloud security company on a mission to help businesses move faster by ensuring safe cloud environments. He has over a decade of experience in the cloud security space, including positions at Amazon Web Services and in national security.
👉 Key quote: “If Fugue as a software vendor and as domain experts in cloud security can't make your job a lot easier through tooling, then we're not doing our job.”
👉 Where to find him: LinkedIn | Twitter | YouTube
🚨 While compiling the State of Cloud Security 2021 Report, Josh and his team at Fugue interviewed over 300 organizations. They found that as cloud environments have grown and become more complex, organizations are seeing more instances of misconfigurations.
According to the report, 49% of respondents experienced over 50 misconfigurations per day. Another interesting detail: For the first time since Fugue started compiling its annual report, Identity and Access Management (IAM) was the number one concern regarding misconfigurations.
🚨 Josh argues that automation is the next step in making cloud environments more secure. Fugue aims to make security automation easy by providing pre-built rules and templates to automatically check code and monitor deployments.
Looking forward, Josh is optimistic that automation will become a key piece in enterprise cloud security. “The thing I would like to see a change in is the attitude that security problems are because people are screwing up … [I would like to see people] thinking about how to actually solve these problems, which is through computer science and automation,” he says.
🚨 One way to enable automation is to put engineering departments in charge of compliance, as opposed to traditional security teams. According to the State of Cloud Security 2021 Report, more than 66% of businesses are delegating security policy to engineering teams — a trend Josh hopes to see continue.
He says that today, engineering and DevOps teams work so fast security teams struggle to keep pace. Businesses that haven’t moved responsibility for security over to these teams are more likely to experience those potentially dangerous misconfigurations.
Here's what was mentioned in the episode 👉
✔️ Fugue: cloud security company aimed at helping businesses run faster and safer.
✔️ Fugue Regula: an open-source tool that evaluates infrastructure-as-code templates for security misconfigurations and compliance violations prior to deployment.
✔️ Fugue’s State of Cloud Security 2021 Report: Find out more about the trends and insights revealed by Fugue’s survey of over 300 organizations.
✔️ Fugue YouTube: stay up-to-date with the lates
Solutions Architect To SADA CTO: Miles Ward on how and why the Google Cloud has the edge
In this episode of TCP Talks, Justin Brodley and Jonathan Baker talk with Miles Ward, the founder of the Google Cloud’s Solutions Architecture practice. Currently, Miles leads the cloud strategy and solutions capabilities as the Chief Technology Officer for consulting and IT services company SADA.
Startups have helped increase the popularity of open source products among enterprise businesses. Changing systems can be a struggle for larger, more traditional companies. But legacy businesses also want to accomplish more in a shorter amount of time, which requires shedding clunky, legacy systems.
“Those building blocks make it so that companies operate at a certain rate of change. And I know zero companies asking me to slow down their rate of change,” he notes.
The evolution of product compatibility is also discussed. Product sellers need to help customers understand how much of their system fits and how much doesn’t fit in one solution compared to another, Miles says. Customers need to have a clear understanding of what’s involved and how much work it’s going to be.
In addition, Miles shares his thoughts on the role of the CTO as well as the benefits of rebranding a product everybody hates.
👉 Name: Miles Ward
👉 What he does: As CTO of SADA, Miles leads the cloud strategy and solutions capabilities. His remit includes delivering next-generation solutions to challenges in big data and analytics, application migration, infrastructure automation, and cost optimization; and engaging with customers on their most complex and ambitious plans around Google Cloud.
👉 Key quote: “There used to be big crunchy legacy impediments to adoption... But it's 2021 — live in the future, that shit works. Now it's more about making it easy enough and predictable enough to consume that folks can unlock the business justification.”
👉 Where to find him: LinkedIn | Twitter
🚨 Gone are the days when products from different technology providers, like Oracle or SAP, couldn’t work together to solve a customer problem. These days, companies need to make products easy and predictable enough so customers can unlock the business justification straight away.
🚨 For Google Cloud, the next phase of growth will require investment in higher-level relationships with customers. Miles references his experience with current Google Cloud CEO Thomas Kurian (TK).
“TK is super focused about spending the majority of his time face to face with customers,” he says. “He's not doing it to be a glad-hand, he's deal making and proposal pushing and thinking through the machinery of how to build higher level relationships.”
🚨 There’s a huge opportunity to help the “the real world divisions inside of real world businesses” — not just serve the IT department.
Miles says, “I think there's a bunch of cloud providers that are working really hard now to facilitate the plumbing and governance and oversight and security controls and operational management of what is — not a hybrid between their data center, and a cloud — a hybrid between their SaaS fleet and the couple of things they still need to run on their own.”
🚨 Worried about leveraging a Google solution and then having them pull the plug on it? Miles doesn’t think you should be too concerned about deprecation.
“I think they have heard this feedback really loud and clear,” he says. “There's a whole bunch of people that have made it really obvious that if you're going to provide these kinds of tools to outside team members, you're going to have to figure out how to maintain them long term. I think the clearest and easiest path for that is to have the majority of products be built as open source,” Miles adds.
Here's what was mentioned in the episode 👉
✔️ SADA: consulting and IT services company.
✔️ Google Cloud Platform GCP: Google’s clou
TCP Talks with Mark Curphey from Open Raven: 4 Steps to get the birds-eye view of cloud data security
Note: This interview is part of a paid sponsorship between Open Raven and The Cloud Pod.
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Mark Curphey, Chief Product Office and Co-Founder of Open Raven, a fully integrated platform for security and privacy workflows.
Name: Mark Curphey
What he does: Mark is Chief Product Officer and Co-Founder of Open Raven.
Where to find him: LinkedIn | Twitter
Listen to Mark discuss the Open Raven strategy for protecting your data, the use of serverless workflows to scale to enormous workloads. Protecting your data and ensuring compliance using the Open Policy Agent – and more.
Discover – Classify – Monitor – Protect
“The cloud has moved in incredibly fast; security has been moved off to the side and as a result companies don’t know where their data is, breaches are happening constantly, and these are the big things that get companies in the press.”
“Every single customer that we spoke to in the early stages said, a) It doesn't work b) It's ridiculously expensive, and c) It's only on s3 buckets. Well, whilst The Register is always reporting breaches of S3 buckets, my customer data is in RDS! That's a real piece of the problem for me; sure, it's popular, but I shouldn't just be thinking about trying to protect myself from getting on The Register.”
Part of the challenge is that data is not one thing... I may have a name, I may have an address, I may have a card number. There are all sorts of different parameters, and the data could be stored in multiple ways. So you have the concept of like data adjacency; If I have a CCV number, and expiry date and name associated to it that might be something which is real.
With Macie, even if you just use the straight matching techniques, you don't have control over the adjacency thing, so that's why a lot of the basic trivial cases get completely missed.
Security at the edge?
"If you are protecting data in the cloud, you have to wire the tools into the cloud to understand which IAM has access, which routes, which security groups can give you access? That’s the only way to understand the context to protect it. You can't do it in some sort of edge device."
Getting started with Open Raven
Visit openraven.com to get a 15 day trial. Spin up a SaaS instance and go play.
“We already think we're a better choice than Macie, but don't think that's the end goal. Come partner with us, work with us on the end goal, because those are things that we love; solving massive, complex, and interesting problems.”
Get Your Hands Cloudy with Forrest Brazeal from A Cloud Guru
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Forrest Brazeal, a Senior Manager at A Cloud Guru, a cloud education platform that has attracted more than two million students. A Cloud Guru offers full certification training and technical deep dives for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and more.
Forrest talks about why companies need to invest in training to reap the benefits of “cloud fluency,” and how A Cloud Guru is contributing to cloud adoption success at Fortune 500 companies.
While discussing knowledge gaps, Forrest highlights how important it is to clearly identify which cloud services and knowledge areas you’re going to become certified in to avoid missing important high level areas.
“Going through the certification training and prep really helps you to avoid those blind spots that will keep you from speaking effectively to the other teams that you work with,” says Forrest.
👉 Name: Forrest Brazeal
👉 What he does: Forrest is a Senior Manager at cloud learning platform A Cloud Guru.
👉 Key quote: “When I look at people who are going from the data center to the cloud today, they are thinking about the cloud as something that's going to take undifferentiated heavy lifting away from them.”
👉 Where to find him: LinkedIn l Twitter | Personal Website
🚨 Be strategic with your cloud certifications. If you’re trying to reach a certain number of certifications, make sure you have a plan or you might end up with gaps in your knowledge. “It’s so easy to do, right?” Forrest says, “as I'm sitting on one team, and I'm touching one technology all the time, I could go two, three, four years and never know anything about networking because all I'm doing is databases, right? Or never know anything about compute, because all I'm doing is storage. Going through the certification training prep really helps you to avoid those blind spots that will keep you from speaking effectively to the other teams that you work with.”
🚨 College grads beware: Just because you have a Computer Science degree doesn't mean you'll just be writing algorithms all day. If you’re looking at a career in programming, the day to day job includes negotiating with people and figuring out what requirements of the business are - not just writing algorithms. Forrest says “it's figuring out requirements, and it's writing the same line of code and then deleting it because it turns out the business requirement changed.”
🚨 Scaling to zero, where a function can be reduced down to zero replicas when idle and brought back to the required amount of replicas when needed, is one example of how the underlying principles adopted by the serverless community that might have been considered “radical” five or six years ago is now seen as welcome wisdom in the broader cloud community. The term, “serverless,” might be retired eventually, but the fundamental principles will remain and evolve into “cloud native.”
Here's what was mentioned in the episode 👉
✔️ Microsoft Azure: Cloud Computing Services
✔️ AWS: Amazon Web Services
✔️ Google Cloud Platform: Cloud Computing Services
✔️ AWS Serverless Hero: Forrest is an AWS Serverless Hero
✔️ AWS Certified DevOps Engineer - Professional: Professional certification for AWS DevOps
✔️ AWS Certified Solutions Architect - Associate: Certification for AWS Solutions Architect
✔️ Infor: Global software company that builds ERP software cloud products
✔️ Oracle: integrated Cloud Applications and Platform Services
✔️ SAP: Systems in Application Products and Data Processing
✔️ AWS Console: web portal to access and manage the AWS cloud
✔️ Linux Academy: operating system
✔️ Kubernetes: open-source system for containerized applications
✔️Ace of Clouds: the A Cloud Guru blog for enginee