Hi, this is Shira Rubinoff, CEO of the Cybersphere Group. I'm here at Blackhat with Gagan Gulati, SVP and GM of AI, Cloud and Security at NetApp. Gagan, pleasure to be with you here today. Pleasure to be with you as well, Shira. It's an honor. Thank you. And thank you for taking time out of this busy conference today. I know there's so many people to meet, so many things to see, just so much going on today at Blackhat. So Goggin AI is being hailed as both the next great defender and the next great adversary in cybersecurity. How do you see the intersection of AI and cyber resilience playing out, and what should organizations be the most focused on? I know that's a mouthful, but please. Yeah. I mean, you're absolutely right. Look, AI is definitely the next big thing. And, you know, our customers are struggling with cybersecurity. So they're both aspects of it, right. Like there are challenges that I brings to the current cyber defense that customers have. Simply because it allows the attackers to go a lot more advanced in their attacks. It's as simple as that. The work that humans used to do is now being done by AI. The number of spam emails that you may get is growing rapidly. The number of phishing attacks is getting more and more complicated and more advanced. So there is definitely a lot of challenges that our customers face today than they faced before the advent of AI. In terms of what the attackers can do to them. But on the other hand, you can look at it as an advantage as well, because now you can bring AI in terms of figuring out where the anomalies are. You can detect anomalies faster. You can respond to them faster. AI helps a lot with respect to automated response. When something goes wrong, it helps our customers become more compliant. Generally speaking, if you do it right. So there are definitely challenges, but at the same time, there are definitely a lot of opportunities. And I think from customer's perspective on organizations perspective, I'll just tell them, look, you got to make sure that you're looking at AI as a boon to your cyber defense, right. You need to go invest in the right AI powered tools. Um, you got to invest in providing the right education to your team in terms of what AI power tools they should use. And just plan your resilience with using the AI tooling, uh, with using AI, generally speaking, and just improve your organization's overall posture. No, thank you for that. And I love the way that you depicted it, both from the adversary perspective, but also from internally. It could be both positive and negative. It's how you use it, but also how you position your company and your employees and the folks within the company at large. And if it's not taken seriously in a very meaningful way, you could have big holes in that. So thank you for that. And what does NetApp do to position themselves to actually assist the organizations as they shift to implement AI and embed security during that implementation transformation? Yeah. I mean, when it comes to building enterprise AI, we know that most organizations are just starting their journey. And when you start the journey of enterprise AI, the first thing that you care about is your data, right? Because data today powers AI, it fuels AI and makes it more enterprise specific, rather than you going to ChatGPT or grok or any of the these toolings tools. So the first thing our customers must do is to secure their data that they're going to use for AI. And the second thing, of course, is then to build the right set of guardrails in terms of ensuring that the right the wrong, right data doesn't go into the wrong hands. Right? And this is where NetApp comes in. You know, NetApp is a data infrastructure company. Intelligent data infrastructure company. And we are all about data management and helping our customers secure their data, protect their data, and govern their data better. Um, whether it's about making sure that the right data is being prepped, um, in terms of how these enterprise AI models will be created, or in terms of ensuring that the AI models themselves are being protected from, um, you know, attacks, from poisoning, from tampering. So there is a lot of work that NetApp does today and is doing continuously to improve, help our customers improve their security posture, their compliance posture. And we even talked about we haven't even talked about privacy when it comes to the overall, you know, AI journey that our customers are driving towards. Well very well said. And NetApp certainly is positioned extremely well for that. And you know when you dial it back. Everybody knows data is king. Everybody wants the data. Everyone's trying to get the data. We're trying to secure the data. Know where it is, know where it sits, who has access to it. So many things we have to think about when it comes to data. And certainly when there's so many tools that are out there in the cybersecurity world, in the advancement of AI, it's very hard to kind of dial it back and see where to start. And I believe you're positioned in a way that organizations need to say, wait a minute. We need to think about data first. How do we secure it? What do we need to do with it and how do we use it? So I'm really happy that you were able to articulate that to our audience because that's super important. So, Goggin, what risks does NetApp see to AI implementation without embedded security? And we all know that the intersection of AI and cybersecurity is critical. So I'd love you to talk about that a little bit. Look, 80% of or 88% per the recent study, or 80%, 88% of the enterprise AI projects never make it to production. Yeah, right. That's the reality. And it's reality for two reasons. One is the security and compliance officers are just not sure of the data that is being used in the pipeline for the enterprise AI to actually make it to production. So that's one standard reason. The second reason why it fails is that the data science is generally who have to go create these data sets that are being used for the to feed into the AI infrastructure. They just can't get to that data set. Or if they get to that data set, they are not sure if that's the right data set. It's being secured. Right. It being it's not being poisoned. They're not attackers coming in. So it's basically a struggle on both sides, both on the sides of data scientists and data engineers who want to curate that data and make sure it goes correctly into the right pipelines. And then, of course, from a security and compliance perspective, you know, having the right lineage of the data, right, having ensuring that every step of the way, both the data and the models were kept secure And that no attacks were discovered and no attacks were, um, there was no attack as such on the data because once the data makes it to the AI pipeline, and let's assume you're creating a chatbot or you're one of the airlines and you have all kinds of data and that data is poisoned. You know, you can imagine the kind of mistrust your, uh, your, you know, uh, your, uh, audience or your customers may have, uh, in a, in a healthcare company, similar story. Right. If the patient data got attacked, um, and somebody was able to take the data set out, you know, it could lead to a big HIPAA disaster from that angle. So, generally speaking, I think that from a security perspective and compliance perspective. Right. Uh, there is a lot of work that needs to be done. And that's where NetApp comes in. Right? Because from NetApp, what we are very good at, and we have been improving, is the security posture of the data estate of our customers right from the time of data preparation to the time when it comes to bringing the data into the pipeline, securing the, you know, helping the customer secure the data through the entire pipeline, and then giving the confidence to the security teams and the compliance teams that they are in good hands, and that this project is actually, uh, driving them towards the right path. So NetApp actually, you know, comes in, you know, from an end to end perspective of helping our customers and therefore helping drive confidence in our security and compliance officers that, you know, that they are in the right hand when the data estate is sitting with data. That's critical. And I love the way that you're mentioning both the security and the compliance. A lot of organizations are solely focused in one area, and you understand and realize that it goes across different areas within the organization, and it's critical to understand and make it relatable to all, everyone and make it also applicable to everyone. So everyone. So that's super important. So you've also talked about the technological challenges in the boardroom perspective, but no single vendor can do it all. As we know. How does NetApp embrace this philosophy and how do you approach building a security ecosystem to protect customers? I think that AI is one of those true hybrid workloads that you can no,single vendor in the space can ever deliver on. You need an ecosystem of players right from the right, from the MLOps tooling perspective, right to the, you know, the actual execution perspective. NetApp has this advantage where it helps us customers, first of all, allow the customer to have data, both on premises in their enterprise world and also in the cloud world. And NetApp today has big integrations that we have done with all three Hyperscaler cloud vendors and the tooling that they offer to their customers. For example, whether it's with Amazon Bedrock or with Google Vertex AI or with the Azure AI word. Right. That's just an example. But at the same time, if the data gravity is on prem more on premises, the more enterprise like, then we work with a lot of our, uh, ISVs and we have integrations and partnerships with almost every MLOps product you can imagine to make that happen. So that's number one. Number two, you know, that's just one side of the house. Then there's an entirely different side of the house with respect to how we work with our big partners, from GPU perspective, from Nvidia or with Lenovo or Cisco and others in helping ensure that the data and the is kept well within the premise of what, you know, what we offer fromthe AI, um, processing perspective. So NetApp has this very clear view that we are the intelligent data infrastructure company problem that we need to go work with the vendors of choice from all persona perspective, whether it's a data scientist perspective, it's a data engineer perspective, whether it's a security perspective. So integration with Sims and vendors, whether it's with respect to compliance perspectives, we're working with a variety of um or data governance right perspective. So we work with a variety of vendors who have built in their products and their technology, um, utilizing the NetApp API, um, or Netapp's data infrastructure layer, um, to help the customers out. So I think we see it as a ecosystem play by default. And NetApp has a place in that world by being the intelligent data infrastructure company and helping our customers out, um, holistically. Wow. That sounds. It's not only super necessary, but well thought through and really understanding the scope of it and what it really means to an organization to be really thought through in a way that NetApp really does. So Goggin. That said, with 88% of executives saying they are ready for AI driven transformation, what are the most critical question? Board CEOs should be asking their CISOs about security before implementation or training of AI. And what are the dangers of these questions going unanswered? And certainly lots of questions coming at the CISOs from everybody. They hold the keys to quite a few kingdoms within the organization, and they're leaned onso many levels. So what do you say to that, Goggin? Yeah, I think look, I think it's a great question, right? Because end of the day, the it is the CISOs responsibility to make sure that their entire data stack and their AI stack is secure. So the questions the most important question the CEO should be asking is, do we even know where our data is, what our data estate looks like? Have you discovered what your data, what our data estate is? And that is a question that by itself will open up a can of worms. Um, because most organizations today cannot even discover their entire data estate. Only when you recover, discover your entire data estate will you know what is sensitive data? What's not sensitive? What should they worry about? What should they not worry about? You know. And then the next step, which is what are you doing therefore to secure your most sensitive data. Right. Are you protecting it? Are you making sure you're backing it up appropriately? Are you making sure that it's protecting against ransomware attacks? Are you making sure that it's being governed appropriately with the right set of people? Have the right set of access, right. Are you ensuring that this data that is being now going to data scientists, should they even be able to access it or not? Does it contains PII data that is contained company confidential data? The questions are limitless, right? From so from a CEO perspective and from a board perspective, They have to ask these questions because you don't want to be at a place where you created your I, your enterprise AI tools or products, I should say, or solutions. And you reach a point where you realize that the actual thing that powers the AI, which is your data, was not secured. Well, you have to make sure that it starts there. And of course, the next layer is how do you make sure the entire pipeline is secured? How do you make sure there are no poisoning attacks, that you're not poisoning the data as we go. But it all starts from the first single question. Are you able to ensure that you're discovering all your sensitive data that's going to be used? And how is that going to get protected at its source? And then you go from there. So I'll just stop there. But I think that question is what befuddling most CISOs today? I think you hit it head on. It's interesting. I think people would say, really, that's so shocking to me thatorganizations don't know where all their data is or what their data is, who has access to it, and all the areas that you touched upon. But it is something very important that organizations need to take note of. And certainly the whole breakdown of data that you describe to our audience is exactly it. We really need to understand all parameters of the data in terms of security, in terms of access just across the board. And Gagan, I always like to ask my interviewees if they have any extra cybersecurity tips they'd like to share with our audience, whether it being about your company work, whether it being about something personal, whether it being about any area of cybersecurity. Just like to share with our audience from your perspective. Oh thank you. Thanks for asking that. I think the way I'll put it is, look, this is going to be a very long game, right? And in this long game, you want to make sure that you have as a, you know, you have the right data infrastructure, uh, to help you, right? From data preparation to the actual execution. And from NetApp perspective, that's what we focus on. We focus on helping you curate the right data. We help you discover what's sensitive. What's not sensitive, we help you build the right guardrails. You know, one of the things that we touched upon, but not enough, is how the compliance regulations are starting to come in, right? If you're a financial company, the Finra compliance, if you are in the healthcare world, HIPAA compliance, if you are in, you know, you pick thecountry, you,know, you're building this AI for and there are compliance needs. And I think thatis an area where you want to make sure that you both understand those compliance needs. D'ora compliance is right now big in Europe for example. And then you have the right data strategy to help you with compliance needs what you don't want. And this is what NetApp is trying to do. Well, is that at the end of the actual project, when you're ready to take it to production, that's when the compliance officer or security officer comes in and says, oh, hold on. Um, you did not meet the standard A, standard B guidance, a guided B you. So as a, as an organization, um, you know, my, ask and my desire would be for all our customers to ensure that they are thinking about security, compliance and AI holistically right from day one. And think about NetApp, because that's what we do. We help our customers from putting the guardrails in place right from day one, when they're thinking about prepping their data, and to the point when they are actually deploying their AI model. So I think we are a lot of effort and a lot of work that goes into it. But the right kind of preparation, the right kind of mindset, will take it a long way. Thank you very much. And certainly thank you for taking time out of your day at this busy conference. I know you have a lot of meetings. You're doing quite a bit of interesting work at NetApp and here at the conference. And thank you for sharing your perspective and your wisdom with our audience. And I'm sure they'll be following you and learning more about NetApp. So thank you for your time and I look forward to our next conversation. Thank you very much. It was an honor. Again, thank you so much. Thank you.