B (4:50)

Thank you, appreciate that. And I can totally appreciate that where especially because you're scaling so fast, the last few years you talked about some things that are key to your success there. And that's that 9, 9010 rule. You talked about anything that is repetitive there in your organization, you have a basically requirement, your culture is to kind of automate that stuff. And then you Talked about that 10% process, the innovation there, where obviously process is important, especially for big tasks, customers that you're working on, on, on large particular problems or innovations. And then of course problem solving, you focus on those big problems and out of that comes where you said you see that innovation. I think that's pretty cool. Thank you for sharing. Rajesh, you've talked about the importance of shifting from assume you're safe to assume you're breached. From your perspective, what does true breach readiness look like inside a large enterprise? And what are the biggest organizational hurdles CISOs face when driving that transformation?

A (5:54)

See, in the last I would say 15 years, there have been a lot of focus on cyber ransomware, time breaches. What started as a Good smart techie guy interested in attacks and really showing that are we secure or not and moving it very quickly towards state sponsored tax. And we investigated a lot, we thought about it, we worked on it. I'll give you a true definition from my perspective. What is a true definition of a breach? Reducing if a particular breach on an attack happens to an organization and that just becomes a small incident. That is the true definition of being breach ready for Microsoft. So let's say a large organization supply chain organization supply chain, logistics building, let's say 300 service centers and attack happens to one of the service centers. Today these service centers are all connected. It can greatly disrupt in some cases half of it. And in other cases the whole organization can whole entire service centers can be completely brought to it because it takes few minutes to bring down their entire service centers across all these 300 service centers. If you have in the country now take that picture in mind and then think about if you have breach readiness in place, you get attacked, but only that one single service center gets impacted and your 299 service centers out of 300 are functioning properly. It is not a great story in the sense that it's not Perfect and all 300 semi centers are functioning, but it's a small incident compared to what it could have happened. That is being breach ready. Breaches are inevitable, they will happen. How well are you prepared to contain those breaches are very important. So take an analogy like a simple analogy like you wear a bulletproof jacket and the bullet hits. It's not you're not injured, it hits you, but you don't die. And the same analogy can be put in that being truly breach ready. Manufacturing products, energy sectors, you name any of the industries. It's a connected world. The most important element of is if a system or a plant or a server gets infected. You just want to create that entire blast radius and make it quality to unit of one. So only that server, only that laptop, only that user, only that service gets impacted and nothing else. That to me is the true definition of being reach friendly.

B (9:02)

Thank you, that's great. And I appreciate the analogy. We talked about the bulletproof vest. Obviously it protects your life, but you still get hit. And the bigger example was with a large supply chain distributing company that may have 300 service centers. And because the way things are connected nowadays, it very easily can happen where if one center is breached, it's possible to bring down all 300. But again being breach ready allows for a smaller scale attack because you're able to contain into that one area which I think is pretty cool and it's just getting worse as you know, with AI and as you mentioned state sponsored attacks, it's just getting more and more. The stakes are getting higher for sure. Yeah, it's very complex world, very much so. So thank you. And Rajesh, the last question I had for you today. As the threat landscape evolves, AI powered attacks, supply chain risks, more IoT endpoints. What do you believe will be the next frontier in enterprise security and how should organization organizations prepare now so they're not reacting to the next wave but proactively building resilience.

A (10:12)

So I think the anti Newton didn't era. You remember Brian and all these movies still happen that you have these aliens attacking channant humans and they take over the country or the world and then there is some superhero who actually saves the whole world. Something in the, in the similar world you might eventually in the last few days might have seen that what agentic systems are doing, they're communicating their own social environment and they communicate. And in the next few years as the AI driven agents will become more and more consumed in organizations, you will see not humans actually or hackers scaling data, you will see agents now stealing data because controls are not that well placed. Agent communication would be a big problem. You really don't know what they're supposed to see and what they're not supposed to see. The control coordinates part just simply does not exist or is not completely hashed after this one in time. And I see that as one very big frontier in the next four or five years as everybody's wanting to walk that AI driven philosophy and it's rightly so because it gives enormous amount of productivity. But when you are leveraging it, the governance and control that a lot of other organizations have in other areas in AI simply don't exist. So you will see those type of attacks. Agents should not be accessing employee data, medical records, customer data, but they are now self determining that they want to fetch this information and make it something interesting. That is another standard CIOs and CISO all presidents and board would be actually system. The implication of that is that companies can become bankrupt in a matter of days because liability still is with the company if somebody's data is stolen or for the gnar, you have intellectual property, you have pharmaceuticals, you have chemicals and they're being made. And any type of an attack in those particular spaces can actually make countries completely go bankrupt within a matter of days. It's not a matter of, you know, years in this case. So that's one area which I personally believe is going to change the landscape, especially for cyber attacks because you just don't have that complete control when it comes to agentic systems. Some level of governance and control that we put in in the last 10, 15 years in other system to system communication, user to system communication users interacting with the data, GDPR comes in, data residency laws are there, but agents don't care about that. Agents don't have to really fetch, go through this entire governance control. So I see that as a very big unknown at this point in time. So having controls, they're using it in a controlled manner. Even if you are trying to use agent AI technologies, fence it, put an isolation plan, put on quality plan, put a segmentation plan in there that can be a very big front. And to me the best way to actually contain that is using the micro segmentation technology that all the CIO CISOs in the board level conversations are already happening there. So we see enormous amount of inputs from customers that hey, I have a data link, how do I isolate it? I want to provide enormous amount of information through the AI agents to my support staff, to my customer and VCS to my production engineers, but I just don't know how to do it. So the best plan at this point in time is to have very clear path, the marketed path and isolated path for those particular systems so that even if you are consuming, even if your agents are consuming that data, but it is ring fenced, it's completely governed and controlled.

B (14:43)

Thank you, really appreciate that. And I like how you walked us through this era where we're entering into gentic AI just like like you said the sci fi movies, right? They had these bots or aliens or whatever breaching our systems. And the same thing here, agents will be stealing data and breaching systems without proper controls in place. That's why you talked about that governance and control which is not fully matured or in fact a lot of companies don't even really have a lot of that today and they need to get that shored up. But this is a huge liability since these attacks can cause companies to go to bankrupt as you said. But if we do zero trust architecture and micro segmentation strategies like you talked about, I think that's going to help us minimize these types of breaches. So I really appreciate that. And Rajesh, it was such a pleasure having you on today and I look forward to speaking with you real soon.

A (15:37)

Thank you. Thanks again for having me here.

B (15:40)

Bye for now.