Taking a Tech Memory Lane Walk with Trey Guinn from Cloudflare

1 00:00:01
Speaker 1: How's it going, everyone?

00:00:02
This is another security unfiltered episode.

00:00:05
So today's episode is with Trey Gwyn from Cloudflare.

00:00:10
Cloudflare actually decided to sponsor the podcast because they

00:00:13
believe in what security unfiltered is doing.

00:00:17
They like how we present the information and whatnot.

00:00:20
And Cloudflare is a very well known WAF solution that is used

00:00:26
by thousands of companies worldwide and you know we had

00:00:29
some common synergies right.

00:00:31
So they wanted to sponsor the episode.

00:00:33
But that doesn't mean that they directed the questions that I'm

00:00:37
asking or the conversation that we're having or anything like

00:00:40
that.

00:00:40
That's absolutely not the case.

00:00:42
They just sponsored the episode because they believe in what

00:00:46
we're doing here.

00:00:47
So with that, let's get into the episode.

00:00:50
Thanks everyone.

00:00:55
How's it going?

00:00:55
Trey, it's really great to finally have you on the podcast.

00:00:59
You know we've been trying to get this thing going for a while

00:01:03
now.

00:01:03
I actually think I started talking to Cloudflare back in

00:01:08
April or May.

00:01:09
It was one of those months right after my kid where, like

00:01:12
it's a complete blur, you know, and there was several times

00:01:16
where, like I went out to dinner or you know I had like a

00:01:19
meeting or something, and you know they would be like, oh,

00:01:22
don't you remember?

00:01:23
Like we had this dinner, we had this thing right when we

00:01:27
discussed all this.

00:01:28
They're like I don't know.

00:01:30
I mean, that doesn't exist to me right now.

00:01:35
Speaker 2: Oh well, congratulations.

00:01:36
And you know, you know, in the world we'll know be over in

00:01:40
about 18 years, right, yeah, hopefully hopefully 18.

00:01:45
Speaker 1: So, trey, you know I started everyone off with

00:01:49
telling their background, and the reason why I do that is

00:01:52
because there's, you know, there's different sections of my

00:01:55
audience, right, that are coming from different

00:01:57
backgrounds and they're trying to figure out, like you know,

00:02:00
hey, is this something that I can do?

00:02:02
Is this something that you know is possible for me?

00:02:05
Right, I get that question so many times.

00:02:08
Right, I want to get into cybersecurity, but I don't come

00:02:11
from an IT background.

00:02:12
Is that possible?

00:02:14
And so I feel like it's always helpful for my guests to, just,

00:02:17
you know, give their background.

00:02:19
Tell us where you came from.

00:02:21
Did you study IT in college or did you go down another rabbit

00:02:26
hole?

00:02:27
Speaker 2: Yeah, that's a good question.

00:02:28
So I I go like way back.

00:02:32
My first job was building computers in the mall and like

00:02:37
not the nice mall, the crappy mall, and so building like 46s,

00:02:43
this and the other, and I remember getting.

00:02:46
I sort of got on the internet at first when it was CompuServe

00:02:50
I do dial up at home so built my computer there, sort of played

00:02:55
around.

00:02:55
I remember like when they added TCP IP to Windows.

00:02:58
So I'm really dating myself, but that was like 12, 14 years

00:03:03
old.

00:03:04
You know, I was kind of a kid and I think what changed that

00:03:07
was when I went to university.

00:03:09
I I had a job at university but I was working for like the

00:03:15
university IT team, which meant like just network management.

00:03:19
So I got into like lands and stuff there and started to

00:03:23
really learn networking.

00:03:24
I ended up working full time while I was in college at a

00:03:31
small business sort of networking company.

00:03:33
So it was like an IT guy that built, like you know, built

00:03:36
networks and installed them.

00:03:37
So I do everything from you know, plug a mouse in to you

00:03:42
know, build a Windows NT network and and what have you.

00:03:45
And then let's see after.

00:03:49
After college I kept essentially working the place I was working

00:03:53
at while I was in college and did that for a little bit and I

00:03:59
just sort of like life decision in front of me.

00:04:01
I was living in Austin, I was doing this sort of small

00:04:04
business IT thing and it was a small company's, like you know,

00:04:08
just a couple of college age kids, you know, fixing networks

00:04:12
for like lawyers and what have you.

00:04:14
And the owner of that business was like hey, I think I want to

00:04:20
go back to school.

00:04:20
We could do this like employee buyout thing, so like if you

00:04:24
just stick around for three years, we'll give you a third of

00:04:26
the business.

00:04:26
I was like, oh, that sounds really cool.

00:04:29
But I was 24, 23, four years old , something like that, and I was

00:04:35
like I'm not sure I'm living in Austin.

00:04:37
And I was like I'm not sure I want to spend the rest of like I

00:04:40
don't know if I want to spend the rest of my life here.

00:04:42
I haven't lived anywhere else.

00:04:43
So I actually it was kind of crazy, but I just said thank you

00:04:48
so much, but I'm going to quit now instead.

00:04:51
And I sold everything I owned and went to go travel around the

00:04:56
world for a year you know in quotes but I sort of like ended

00:04:59
up in New Zealand accidentally, got a real job, and then there

00:05:05
was like building sort of like data centers and stuff like that

00:05:09
and I ended up being the guy that just like picked up, picked

00:05:14
up firewalls and became like the first Fortinet certified

00:05:18
administrator in New Zealand because I just thought those

00:05:21
things were really cool.

00:05:22
But I ended up being this again it's kind of a smallish economy

00:05:26
, smaller company, only like a couple hundred people there, and

00:05:31
then after that I would give you the long sort of it then

00:05:34
ended up in New Zealand.

00:05:35
After New Zealand ended up in Amsterdam and I kept doing sort

00:05:39
of infrastructure stuff and then enterprise architecture at a

00:05:43
big multinational and then from there I got a job at Cloudflare

00:05:48
about 10 years ago as a first solution engineer.

00:05:50
So this is slightly abbreviated version but still worthy.

00:05:56
Speaker 1: Yeah.

00:05:56
So so, trade, you know you bring up an interesting time, I

00:06:01
guess, in the computer world.

00:06:02
You know when you started, when or at least you said that you

00:06:07
remember when they added TCP IP to Windows NT.

00:06:12
Speaker 2: I think it was right, and do you use Windows 3 to

00:06:16
Windows 3.1?

00:06:17
It was like when you actually got a TCP IP stack.

00:06:23
Speaker 1: Wow.

00:06:23
So you know, do you?

00:06:26
Do you think that you know?

00:06:29
Engaging with technology back then allowed you to understand

00:06:33
kind of the underlying.

00:06:35
You know workings of it quite a bit more than what people do

00:06:39
today.

00:06:40
And I bring that up because earlier on in my career I was

00:06:43
essentially a Linux admin, right , and the Linux OS did not have

00:06:48
a GUI on it, so it was strictly terminal, and so I ended up

00:06:52
learning Linux extremely well as well as learning you know the

00:06:57
network stack on the Linux server, learning you know the

00:07:00
different security, you know configurations and how

00:07:04
everything is configured right, and that kind of opened my eyes

00:07:08
because I was used to, you know Windows 98, right, windows 2000,

00:07:14
whatever, whatever, windows 7, that's what it was Sorry, and

00:07:22
you know I was used to that GUI right, never played around with

00:07:24
the terminal, but as soon as I got into the terminal it really

00:07:27
opened up the rest of like technology to me.

00:07:30
I feel, do you look back on that and think the same thing?

00:07:33
Or, you know, is it a different kind of feeling?

00:07:38
Speaker 2: Yeah, that's a good question.

00:07:39
You know what leads us to sort of go deeper down in this career

00:07:46
.

00:07:46
Fundamentally, I think what is incredibly helpful has been for

00:07:51
me, and even when I, like I built a solution engineering

00:07:54
team at Cloudflare, what made folks really good at their role

00:07:57
was folks that wanted to understand how things worked

00:08:02
right.

00:08:02
So you're looking for this sort of sense of curiosity.

00:08:04
I'm with you.

00:08:06
Like, I remember trying to get my first sound card to work in

00:08:10
Red Hat 2 or whatever it was, and you know, and at the time we

00:08:15
had this debate in the dorms about, like, is it Linux or

00:08:18
Linux?

00:08:19
And the demo sound was like hello, this is Linux Store

00:08:23
Vaults, and I pronounce Linux, linux.

00:08:25
And I was like, all right, we're seeing, like, but it took

00:08:29
like two days to get a sound card to work and you learned a

00:08:32
lot about interrupts and this and the other.

00:08:34
I like I'm reticent to say that that is the thing that makes

00:08:40
you understand the material better.

00:08:42
I think you're either curious and you dive in because you find

00:08:46
it genuinely interesting, or it's so bloody hard to use that

00:08:49
you're forced to learn how it works.

00:08:51
But I think both of those paths work to get you there, because

00:08:56
I mean there's a bunch of new stuff now that like I should be

00:08:59
digging more into.

00:09:00
Yeah, so, as always, that'll never stop.

00:09:04
Speaker 1: Yeah, that's, that's a really good, I guess, analogy

00:09:08
or way of thinking about it, right, like it has to be so, so

00:09:12
hard that you have to learn it inside and out.

00:09:16
I mean, you know, there was a point when I was that Linux

00:09:19
admin right where, where I had to learn SC Linux, not because I

00:09:24
wanted you know, I didn't even know what SC Linux was but on

00:09:28
the call I had a customer that was like, oh, we require SC

00:09:31
Linux to run, and whenever we've run it on your server,

00:09:35
everything breaks.

00:09:36
Like, okay, well, that's really weird.

00:09:39
You know, like this thing should just be working right,

00:09:41
like and I mean, this was weeks, weeks later.

00:09:46
You know, like I finally had it all down, but like, if you

00:09:50
looked at my one note that I was taking notes in because I took,

00:09:53
you know, copious amounts of notes I took the error that I

00:09:56
would run into the command that I ran to fix it, why that

00:10:00
command works.

00:10:01
And you know, keep on going through it.

00:10:03
And the extensive one note that I had at the end turn into the

00:10:09
troubleshooting guide for all of SC Linux for the company.

00:10:11
And like it was used by the devs to actually say, oh, this

00:10:16
is all the changes we need to make.

00:10:17
You know, I never would have learned it as well If I wasn't

00:10:22
going through those problems, that's for sure.

00:10:25
Speaker 2: Yeah, you're like sort of forced through it.

00:10:27
You have to, like you have to build mental models as you go,

00:10:31
and then you sort of your this is actually.

00:10:33
It's an interesting way to learn, Like I find tinkering and

00:10:37
playing with things is a fantastic way to learn, and

00:10:39
trying to make something function in SC Linux is like the

00:10:42
ultimate version of that.

00:10:43
You're like I think I have a mental model of correction, Like

00:10:46
nope, it didn't work.

00:10:47
All right, I'm going to like fine tuning continuously, yeah

00:10:51
yeah, absolutely.

00:10:52
Speaker 1: So, you know, along your path.

00:10:55
You said that you were, you were at a company doing, you

00:10:59
know, some IT work for law firms , right, and they offered you

00:11:04
essentially one third of the company and you chose to travel.

00:11:07
So walk me through, walk me through that decision, right.

00:11:11
And this is a really interesting decision for me

00:11:15
personally, and I'll tell you why.

00:11:16
Right, um, I remember back when I was, you know, younger, right

00:11:23
Earlier on in my career, I had just started to develop this

00:11:27
mentality of say yes and figure it out later, right.

00:11:32
And so I think to myself, if I was presented with that one, I

00:11:35
would have taken it, right.

00:11:37
But what you did was travel the world and start to experience

00:11:43
that.

00:11:43
And I have a friend who, very recently, actually just decided

00:11:48
to leave his job and was like you know what?

00:11:49
I'm not happy working here, I'm not happy doing this.

00:11:52
I'm literally going to go travel the world, like I've

00:11:55
worked, you know, since college.

00:11:57
I want to go do this, and so he did it and I'm extremely

00:12:00
envious of him because I have a seven month old.

00:12:03
Right, I can't, I can't just up and leave.

00:12:06
If I do, I have to take two other people with me and that's

00:12:10
very expensive.

00:12:11
It's not like I'm a, you know, a single 22 year old anymore.

00:12:15
Right, like I have responsibility.

00:12:17
Speaker 2: It's possible, anything's possible.

00:12:19
You can travel with a family.

00:12:21
Speaker 1: It's not impossible.

00:12:23
It's very difficult, very difficult, very inconvenient.

00:12:25
So you know just talk me through that decision.

00:12:31
What did you weigh?

00:12:32
How did it look to you?

00:12:34
What were you thinking?

00:12:37
Speaker 2: Yeah, so it was.

00:12:38
It's interesting, I wasn't unhappy, I loved my life, I was

00:12:40
having a great time, like the job, et cetera.

00:12:43
But I I guess I was aware of the fact that I was like 24

00:12:47
years old and here was this option to take sort of the

00:12:54
ownership stake in a business and I said, okay, well, if I do

00:12:57
that, like you know, I remember my thought was always like, okay

00:13:01
, then all I need to do is find a house, a wife and I'll be

00:13:05
ready to die, like like my whole life will just be like laid out

00:13:09
in front of me.

00:13:09
And I was just like I'm not sure I had this sort of

00:13:16
sensation, was like I need to see other options before I

00:13:19
commit to this one.

00:13:21
And then what really helped was within a couple months of that

00:13:26
I mean actually right, similar timing, but like within a month

00:13:29
or two of that very fortuitously , I was in Banff, canada.

00:13:34
My mom and I have birthdays close to each other, so sort of

00:13:38
a birthday trip.

00:13:39
We went up there together.

00:13:40
But because I was traveling with my mom, I basically spent

00:13:43
whatever time I could trying to find people my age to hang out

00:13:46
with, and there were these.

00:13:48
There was a Irish couple of sort of in their 20s or my age

00:13:53
that were working behind the bar , their bartenders at the place,

00:13:56
and they explained to me this concept of holiday working visas

00:14:00
, the idea that you can get a well one, explain the idea of

00:14:05
travel right, like as Irish and Australians and stuff.

00:14:08
Like it's a very common thing, like after university go spend a

00:14:11
year abroad or you do your overseas experience, whatever

00:14:13
you call it and they're like, oh yeah, we got this visa.

00:14:16
It's called an over, you know, travel visa, working holiday

00:14:20
visa, and you can travel for a year in a place and you work a

00:14:24
little bit.

00:14:24
And this.

00:14:24
And I was like, oh wait, you mean I don't have to have

00:14:27
$100 saved up to be able to go travel for a year.

00:14:30
And yeah, and it was I.

00:14:34
Basically that was September when I met them and it like

00:14:38
opened my eyes to this possibility and I had left the

00:14:41
US by January 1.

00:14:43
So, like within a couple of months, I wrapped up my entire

00:14:47
life and was like I'm traveling the world and I think I bought

00:14:52
tickets to places that I probably couldn't find on a map

00:14:56
and yeah, it was a good time and the best part too is I'd never

00:14:59
traveled by myself before, and that was that was super, super

00:15:04
valuable for me.

00:15:05
Speaker 1: Hmm, yeah, you know, the very first trip that I ever

00:15:11
took, you know, by myself, was actually to Germany for study

00:15:16
abroad.

00:15:16
It was a four or six week program, right, and it was two

00:15:22
weeks, yeah, two weeks, after donating my kidney.

00:15:25
So I donated my kidney, oh my, I told my doctor like, hey, I'm

00:15:30
not going to make the checkups, you know, in a couple weeks

00:15:34
because I'm going to Germany, and so they, you know, had to

00:15:37
tell me, like, what hospital go to go to if anything went wrong,

00:15:40
and everything like that.

00:15:41
But that experience, you know, really prepared me for the rest

00:15:46
of my life, up to this point at least.

00:15:49
You know, it was amazing and it's really interesting to me

00:15:52
how well traveled you know Europeans are, like they, I mean

00:15:58
, they travel all over Europe all the time, right, and I was

00:16:03
talking to someone from Russia and he said, oh, you know how

00:16:06
many, you know how many countries have you been to,

00:16:10
right, and I'm like too, this is , this is number two.

00:16:13
You know, then, do America, if you count that right?

00:16:16
And he goes oh well, how much of America have you traveled?

00:16:19
I'm like, not that much, you know, like I, I had enough

00:16:22
states to.

00:16:23
You know, maybe fill a hand if I was being generous.

00:16:26
Right, and he was very confused as to how lacking in the

00:16:31
traveling department I was and I had to explain to him.

00:16:35
You know, if you pull up a map, right, we have 50 states over

00:16:39
here.

00:16:39
Right, you pull up a map and you look at one of our states

00:16:42
and it's, you know the size of potentially a couple small

00:16:46
European countries.

00:16:47
You know, like, like Illinois, right, you could drive in one

00:16:51
direction for eight, 10 hours.

00:16:54
You know, if you start at the very top, you go all the way to

00:16:57
the bottom, that's 10 hours.

00:16:58
And you just made it through one state.

00:17:01
You know, and, like him, wrapping his mind around that

00:17:06
was, uh, was really interesting, because I was also trying to

00:17:10
wrap my mind around them being so traveled, because they were

00:17:13
like, oh yeah, I'm going to Australia, I'm doing this and

00:17:16
I'm, I'm over here.

00:17:17
I'm like man, I'm just lucky I made it here.

00:17:20
Speaker 2: Yeah, yeah, no, it's, it's I.

00:17:24
I highly recommend it.

00:17:25
Thanks, folks.

00:17:26
Whether it's travel or in any way, just trying to expose

00:17:31
yourself to other ways of thinking and other ways to

00:17:35
approach problems, just get people to challenge the things

00:17:40
that you have assumed that you've been socialized to grow

00:17:43
up with.

00:17:43
You may still agree with those, but from that very big decision

00:17:48
, just because this is the default, is this the thing you

00:17:52
really want to stick with?

00:17:53
We can bring that right back to tech.

00:17:54
I mean, that's also the way you figure out how things work Is

00:17:58
like.

00:17:58
Can you run with the defaults or do you really need to

00:18:01
understand the implications of changing something?

00:18:04
Speaker 1: Yeah, now, did you experience a lot of that in your

00:18:10
tech jobs overseas, where they were going about a problem

00:18:15
differently from how you would have addressed it?

00:18:17
Was that situation something that you went through, or maybe?

00:18:24
Speaker 2: not Right.

00:18:25
Speaker 1: Because tech is universal.

00:18:28
Speaker 2: Well, yes and no.

00:18:29
Actually, I learned a ton.

00:18:32
I lived in Amsterdam for about almost six years.

00:18:35
One of the jobs I had there was I was an enterprise architect

00:18:40
for KPMG, but like KPMG internal IT, like the KPMG business, not

00:18:45
facing customers we had an enterprise architecture team

00:18:50
that was largely split between Amsterdam and New Jersey.

00:18:54
What I learned there is just this cultural way of going about

00:18:59
solving problems.

00:19:02
This is slightly exaggeration, slightly hyperbole, but if you

00:19:05
came up with a problem, set a set of requirements and you

00:19:10
brought it to the Dutch team, which I was on the Dutch team

00:19:17
they'd spend a month coming up with this perfect self-healing,

00:19:23
every potential solution, considered, every possibility,

00:19:29
Like they really thought things through.

00:19:30
They're very, very long-term focused.

00:19:33
They always think things like 100 years.

00:19:37
When they build houses in their neighborhoods they're thinking

00:19:39
like 500 years out.

00:19:41
We barely think six months out.

00:19:42
They just have this very long-term perspective.

00:19:46
But it would take like a month to come up with a design for the

00:19:48
system, much less than you have to go build it.

00:19:51
You'd have the same problem set to the American team and the

00:19:56
American team would have a POC running.

00:19:58
By Friday It'd be up and running Now you'd have to duct

00:20:02
tape it to no end.

00:20:04
It's going to cost a fortune.

00:20:08
They hadn't considered any of the problems that could arise.

00:20:10
I hadn't really thought through anything, but it was running.

00:20:13
What my takeaway was is that the ideal is somewhere in the

00:20:18
middle.

00:20:18
You have to move fast to take advantage of market

00:20:22
opportunities and just as opportunities come up, but you

00:20:27
also need to somehow balance the short-termism versus

00:20:30
long-termism.

00:20:31
What I really liked was being exposed to both of those teams

00:20:35
and seeing how they functioned, because I felt like I could

00:20:40
learn from both.

00:20:40
The question was spot on, but that was super formative for me

00:20:46
in my career.

00:20:50
Speaker 1: Yeah, at my current employer.

00:20:52
They're a German company and it's insane how much they

00:21:01
actually think through this stuff and everything.

00:21:03
I just spent a year doing what they call a POC.

00:21:09
To me the POC was only the past six weeks.

00:21:14
It was the only time that I was actually doing hands-on

00:21:17
keyboard, actually getting into the weeds of different things.

00:21:21
I've been working on it for the past year because they want

00:21:27
every single T-cross, every I dotted.

00:21:31
They want to think about it a couple of times.

00:21:33
I learned in that process that when they're designing vehicles

00:21:39
over in Germany they'll have button requirements where

00:21:44
corporate will say it cannot have more than X amount of

00:21:48
buttons in the vehicle.

00:21:50
Where you place them is up to you and they will debate this.

00:21:54
I guess they were actually debating this for eight months

00:21:58
all the way up until the car was actually released and corporate

00:22:01
had to put a boundary on these engineers saying okay, you have

00:22:06
two months to make this decision because we have to figure out

00:22:10
everything else.

00:22:10
We can't be held up because you don't know where to put a

00:22:13
button.

00:22:13
You need to figure it out, which is really interesting.

00:22:19
I drive a German sports car and my wife has the same

00:22:26
manufacturer.

00:22:26
I'm trying not to give away too much information because as

00:22:30
soon as I do, everyone's going to be like oh, this is where Joe

00:22:34
works.

00:22:34
That's what I want to avoid.

00:22:36
My wife also drives an SUV from the same car manufacturer.

00:22:40
If I sit in her car and I sit in my car one, they're two

00:22:44
totally different cars, they perform totally differently, but

00:22:47
they are the exact same experience in terms of the

00:22:52
cockpit experience.

00:22:54
The buttons are in the exact same place.

00:22:56
It feels the same.

00:22:57
There's very few differences and they do that very

00:23:01
intentionally because they want it to be.

00:23:03
If you drive our lowest end car or highest end car, it's the

00:23:07
same controls, it's the same functions.

00:23:10
It performs differently, but it's mostly the same all around.

00:23:15
It's really fascinating to me of how much time they will put

00:23:22
into making the decision not right but perfect.

00:23:27
Speaker 2: Yeah, it's that idea of designing systems with a user

00:23:32
experience that people can just appreciate and they can jump in

00:23:37
and use.

00:23:37
And then, obviously, ideally, you don't want to have to read,

00:23:45
you don't want someone to be required to read the owner's

00:23:47
manual to figure out how to turn the air conditioner on.

00:23:49
It should just be obvious, right, it should be intuitive.

00:23:51
And this probably goes to it's always going to bring around to

00:23:55
security.

00:23:55
Again, like it's shocking.

00:23:57
You think about solutions that are not secure by design or it's

00:24:03
not intuitive.

00:24:05
I always feel like hard to use systems are inherently less

00:24:09
secure and hard to use also for end users.

00:24:13
Like if security adds too much friction, people will find a way

00:24:17
around it, like they won't leverage it.

00:24:19
And so it's like, how do you really think about that end user

00:24:23
experience?

00:24:23
Making it consistent, making it just where you don't even have

00:24:27
to think?

00:24:27
It should just be intuitive.

00:24:28
You're like, oh, I want to do, I want to put the car in drive.

00:24:31
It's like it's super obvious what I'm doing and I'm doing the

00:24:34
right thing.

00:24:35
I'm not accidentally putting the emergency brake on in the

00:24:38
process.

00:24:39
Speaker 1: Yeah, Right.

00:24:40
So, Trey, you mentioned you started off as what was it?

00:24:45
A solutions architect at Cloudflare, Is that right?

00:24:50
Speaker 2: Yeah, so I was the first solution engineer at

00:24:53
Cloudflare.

00:24:53
Technically, I was the first hire in the customer facing

00:24:58
sales team and I'd never been in a quote unquote sales team I

00:25:03
would like really cringe at that moniker.

00:25:05
But it ended up being like my favorite job, which, because I

00:25:11
had all this background in sort of being I was an SRE before I

00:25:16
was like IT guy, built data centers.

00:25:19
I like working with customers.

00:25:21
I really liked solving their problems and understanding what

00:25:25
they're trying to accomplish.

00:25:26
And then I feel like it's like designing a LEGO setup.

00:25:30
I love hearing what the requirements are, looking at

00:25:32
what the tools are and trying to come up with the best solution

00:25:36
to meet the requirements and also think like the Dutch do,

00:25:39
think a little bit in advance of what's going to be step two and

00:25:43
step three after this and how can I sort of prep you for that

00:25:46
Turns out I didn't realize that's what solution engineering

00:25:49
is Sort of figuring out how to solve someone's requirements,

00:25:53
and so I ended up being a sweet gig and I was the first solution

00:25:58
engineer and then I ended up managing and building that team

00:26:02
up to.

00:26:03
I did that for eight years, so I ended up being a global team

00:26:07
of 160 people, and so I had solution engineers in I don't

00:26:12
know like 20 different countries and just this amazing group of

00:26:15
people and yeah, so that's how I started at Cloudflare.

00:26:22
Speaker 1: Wow, that is a really interesting start, because now

00:26:28
you're a field CTO, which I mean it's I guess this is the best

00:26:40
way of putting it right it's obviously a higher level

00:26:44
position, but it's almost completely different because

00:26:47
it's a different set of problems that you're trying to resolve.

00:26:51
You may not be in the weeds every day, like you alluded to

00:26:56
previously.

00:26:56
You're not in the weeds every day, and so it's more difficult

00:26:59
for you to stay on top of all the different evolving

00:27:03
technologies and whatnot right, and so how do you find the time

00:27:10
even to stay on top of it?

00:27:12
Do you have key resources that you go to that maybe give you a

00:27:16
quick blurb about something right that you may need to know

00:27:19
for a customer meeting, or something like that?

00:27:24
Speaker 2: Yeah, that's a good question, I mean one.

00:27:28
It is challenging because I'm obviously like, even just with

00:27:32
our own products and solutions I'm just like I'm not getting my

00:27:35
hands dirty with it nearly as much now.

00:27:37
I'm sort of in a way I'm like sort of more focused on the

00:27:40
strategy versus the practicality , what you're doing with it.

00:27:43
But I think what has served me well is just to try to maintain

00:27:49
that sense of curiosity.

00:27:51
And what has saved my bacon is, I mean one I'm lucky to work at

00:27:56
a company that blogs super extensively about how things

00:28:01
work in the background and what have you, and I find that super

00:28:05
interesting.

00:28:05
I'll read about how different cypher suites function and super

00:28:12
low-level kernel things in a Linux kernel which, to be honest

00:28:16
, is way past anywhere I've ever actually played around with.

00:28:18
But just it helps to build those mental models.

00:28:21
And then, critically, I'm lucky is that Cloudflare is in place,

00:28:26
is really transparent internally and everyone's really

00:28:29
helpful and friendly.

00:28:30
So if I find myself curious, I try to.

00:28:36
When we worked in the office I would literally tap someone on

00:28:38
the shoulder.

00:28:38
Now it's a sort of virtual tap on the shoulder.

00:28:40
I'm like, hey, do you mind taking 10 minutes explaining to

00:28:44
me how this works, because I'm just trying to have that model

00:28:49
in my head and so, working with product or engineering, do that

00:28:53
a lot and hopefully taking those ideas when we're working with

00:29:01
customers, partners, government entities et cetera.

00:29:04
And largely it's not even so much trying to convince them to

00:29:08
do one thing or another, I just like it's largely trying to just

00:29:12
essentially educate what I'm learning from these smart

00:29:15
engineers at Cloudflare, like if I can just sort of pass that

00:29:18
information along, then these folks can make a more informed

00:29:24
decision about what their next steps are.

00:29:26
Speaker 1: Hmm, yeah, it's really interesting.

00:29:29
You know when, when you're talking to different customers,

00:29:35
is there a common issue or a common thread with your

00:29:39
customers that you're seeing?

00:29:41
You know it might be consolidating their tech stack,

00:29:44
right, because over time the tech stack has grown so

00:29:47
significantly it's difficult for even the engineers to keep up

00:29:52
with right.

00:29:53
And you know, for example, just recently I was faced with an

00:29:59
issue that I was trying to solve without a tool that we had

00:30:02
bought, deployed and were running that specifically solves

00:30:06
this problem right, and I had no clue that it had that

00:30:12
capability.

00:30:13
I knew that we had it, but I didn't know it had that

00:30:15
capability right.

00:30:16
And I'm someone who's pretty much in the weeds, you know like

00:30:21
.

00:30:21
Speaker 2: I'm.

00:30:21
I mean, you're on top of this stuff.

00:30:23
Yeah, exactly.

00:30:25
Speaker 1: Right, you know so like.

00:30:26
Is that a problem, or is there more unique problems than that?

00:30:34
Speaker 2: I mean we have.

00:30:34
We always have those challenges , I mean particularly for

00:30:39
ourselves.

00:30:40
Like we're an innovative company, we keep shipping new

00:30:42
things.

00:30:43
I mean it's hard enough for like our own employees to know

00:30:47
what we have this week, much less our customers.

00:30:50
And then half the customers have sort of been introduced to

00:30:53
Cloudflare at some late some date in the past and then when

00:30:57
they chat with us today and we were like, oh, this is what the

00:30:59
platform does, they, they like they're like whoa, that's like

00:31:02
10.

00:31:02
Next, what I thought you guys did.

00:31:04
And I think the interesting thing there is that I I really

00:31:09
think Cloudflare is kind of a new category of business and we

00:31:14
finally actually started like trying to come up with a name

00:31:17
for this.

00:31:17
And we don't think we're going to be the only one, like we

00:31:19
think there's other companies doing this.

00:31:21
But you used to have, like you know, your, your WAN company, a

00:31:26
firewall company, low balancer company.

00:31:29
They had all these different companies that did different

00:31:32
things and that worked in a world where lots of compute and

00:31:38
applications and users are kind of like we're together.

00:31:41
And back when I was building that NT networks for lawyers,

00:31:44
like it worked because, like the lawyer, the server, the

00:31:49
application, the data was like kind of all on the land, right,

00:31:52
but we've seen 10 years of like cloud and SAS and whatever.

00:31:58
So now in this world, like things are super, super

00:32:01
distributed, you've got users all over the place, applications

00:32:06
all over the place, data all over the place, and cloud has

00:32:09
worked well for that, like using cloud environment.

00:32:12
I hate saying cloud is just basically automation.

00:32:13
So automation's worked well for like building, like dynamic

00:32:18
sort of store and compute.

00:32:19
And the internet works really well for making it possible for

00:32:23
you to be anywhere.

00:32:24
You've got 5G, you've got all these things.

00:32:26
But if you're asking that question like what's that common

00:32:29
problem is, I think like, for some reason, like networking and

00:32:34
security has been the laggard where the way people solve

00:32:38
problems.

00:32:39
Back when I was building NT networks and even, like you know

00:32:42
, when I was at, you know, when I lived in New Zealand, we had a

00:32:47
, we hosted applications, we had our own data center I hope to

00:32:50
like build a data center and stuff and we had like a racket

00:32:53
you know racks of servers, that model of like okay, you got an

00:32:57
application and you got a user here and then in between them

00:33:00
you just got to put these functions and you normally do

00:33:03
those functions with like VMs or boxes or something like that.

00:33:07
You have to choose where they run.

00:33:08
Like that sounds very common, right?

00:33:10
They're like we're trying to use that model in this world

00:33:14
where now the application, the user are everywhere, and so

00:33:18
you're like oh so I guess we just need more of those boxes.

00:33:21
And that doesn't work well.

00:33:22
Like like I talked to a big European bank that runs like

00:33:27
75 firewalls and they're in internal network, and so, like I

00:33:35
talked to another bank in New York that was saying the other

00:33:38
thing is like classic thing was we, you know, we have this

00:33:41
clouds great, we can spin up a developer environment in 30

00:33:45
seconds, but then it takes like six weeks to get them access to

00:33:48
it because the change tickets to go through, like the 12 control

00:33:51
layers and the four season.

00:33:53
So that to me, is like the common problem in our industry

00:33:59
today is that, like networking and security has like been this

00:34:04
laggard, and I think of like, and when I say not security

00:34:08
broadly, but like sort of security that you do in the

00:34:10
network and because the network is like such a point of

00:34:12
visibility for that that has been this laggard and we like we

00:34:17
need a new model, and I think this new models we're calling it

00:34:21
connectivity cloud.

00:34:22
I mean, that's where the marketing people come up with,

00:34:24
but it's not terrible but the idea being that you can have a

00:34:29
more ubiquitous set of controls so that they you can have the

00:34:33
same controls and they can be in , they can be in all these

00:34:36
places in a orchestrated way.

00:34:40
I think that is this challenge that a lot of folks are running

00:34:42
into, and you talk about complexity where they've, like,

00:34:47
over the last 10 years, like they added a bunch of cloud

00:34:49
environments, added sass.

00:34:50
They did all these things and now, like you try to like make a

00:34:54
change, like get a developer access to the development

00:34:57
environment and take six weeks like that's crazy.

00:34:59
Like things have gotten so complex.

00:35:01
Like got to find a way to make it simpler and consolidating the

00:35:06
number of vendors to is a big part of that too.

00:35:08
But like and then go into DevOps and you know DevSecOps

00:35:12
and all that stuff and automating.

00:35:13
That is really important.

00:35:14
But I think, like, the fundamental problem is that,

00:35:17
like we took the network stack from 25 years ago and we just

00:35:21
tried to, like you know, copy paste it out to like every

00:35:25
environment we have a data server or server or a chunk of

00:35:29
data and now, and that doesn't work well.

00:35:33
That's a long winded thing, but that's that's like.

00:35:36
That's literally like the thing I've been working on for 10

00:35:39
years at cloudflare.

00:35:41
Speaker 1: Yeah, I mean it's.

00:35:42
It's crazy how complex these environments can be.

00:35:46
I'm sure if if that bank ever leaves that firewall vendor

00:35:50
they'll be, their stock will really take a hit that day, you

00:35:54
know there's some.

00:35:56
Speaker 2: there's some sales guy on the yacht somewhere who's

00:35:58
loving life because of that deal, but yeah, whatever.

00:36:02
Yeah, it's on the island, doesn't serve that doesn't serve

00:36:06
the, doesn't serve the bank, doesn't serve the bank's

00:36:08
customers, and you're like there's got to be a better way

00:36:10
to do this.

00:36:10
Yeah, that is so.

00:36:12
Speaker 1: That's so insane, you know it's.

00:36:15
It's been tempting at times to go over the sales, the sales

00:36:19
route, but I just don't want to do it.

00:36:22
Yeah, I don't want to do it, I don't believe you know I should.

00:36:26
Speaker 2: Yeah, I wouldn't push anyone that direction.

00:36:28
I was just thought when we were , when I was building solution

00:36:33
engineering team, my whole thing was you could find sales people

00:36:37
that were, far more than you know, marginally technical, or

00:36:41
you could find engineers that like to talk to people and my

00:36:44
whole strategy was like, I wanted to hire engineers that

00:36:46
just like to talk to people.

00:36:48
That was, and I think you, it really varies by company and

00:36:53
what you're working in and stuff like that, but that was, that

00:36:56
was our strategy with the solution engineering team.

00:37:00
Speaker 1: I mean it makes a lot of sense.

00:37:01
You know, it's not very common that you find someone so

00:37:05
technical, able to, you know, talk to a customer, you know,

00:37:09
without having any issues, without stumbling around and not

00:37:12
being un talkative and not being too talkative.

00:37:17
You know, you got to have got to have a certain level of

00:37:21
communication skills, I guess, to be able to be successful at

00:37:24
that role.

00:37:28
Speaker 2: Yeah, it's an interesting role, To be honest.

00:37:31
I stopped leading that team two years ago and it's even more

00:37:35
mature now.

00:37:35
They have more sophisticated leaders who have done this more.

00:37:40
So it's not only being really structured and thinking about

00:37:45
how you not only do you have to have good EQ and be able to

00:37:49
communicate, but having us structured, a way of trying to

00:37:54
extract out what's important to the customer.

00:37:56
What are they trying to solve for Ten different ways to ask

00:38:00
the same question because you will know this, and every

00:38:04
engineer knows this, which is people tend to come to you and

00:38:08
say do X.

00:38:10
Instead of just saying yes, you should probably ask what are you

00:38:13
trying to accomplish?

00:38:14
Because what you've come to me with is you've come to me with

00:38:18
an implementation.

00:38:19
You've come to the expert and told the expert just do this

00:38:24
implementation.

00:38:25
What you should come to the expert with is I'm trying to

00:38:29
accomplish this outcome.

00:38:30
What do you recommend is a way to do that?

00:38:33
That's a much healthier way, but try to do that in a

00:38:39
non-combative way.

00:38:40
You're like oh okay, you want X , but tell me why you want X.

00:38:42
What are you trying to do?

00:38:43
What are you trying to accomplish?

00:38:45
And then, when they say something, you're like, oh okay,

00:38:48
well, we could do X, but there's this other thing we

00:38:50
could do and it has these benefits.

00:38:53
What do you think of that?

00:38:54
You're like, oh wow, that's great, you guys are helpful.

00:38:56
That sort of conversation repeated five billion times.

00:39:04
Speaker 1: Yeah, absolutely so.

00:39:08
I guess in security and even more of the general public, I

00:39:13
guess every maybe let's call it once a quarter, right, we see

00:39:17
Cloudflare and the news in a good way, right, for once, we

00:39:20
see a security company in the news for something good, right,

00:39:25
and it's always Cloudflare.

00:39:26
Stopped X attack, right?

00:39:29
Or X DDoS attack.

00:39:30
That's the new largest DDoS attack ever.

00:39:34
One, how are these attacks measured?

00:39:37
Because I'm seeing was it 398, 400 million requests per second,

00:39:44
which is pretty insane.

00:39:46
That's hard for me to picture even what that is, what that

00:39:49
looks like.

00:39:50
And two, how in the world is Cloudflare able to do that?

00:39:55
Right, because I feel like no one else in the world can do

00:39:58
that.

00:39:58
I mean, it's numbers that are hard to imagine, right?

00:40:03
So how is that even possible?

00:40:06
Speaker 2: Well, it kind of goes back to that point I was making

00:40:08
about like building things in this like very distributed way.

00:40:12
For the engineers in the audience you'll appreciate this

00:40:16
that Clubhouse is the first company to really build a big

00:40:20
anycast network, sort of reverse proxy, and so about 20% of all

00:40:28
domain names on the internet today are behind Cloudflare, so

00:40:31
we're already running in a big scale.

00:40:32
And then you think about like how if you don't mind me getting

00:40:36
technical for a second, but if you think about like how you

00:40:40
would interact with a website or it's like a web application or

00:40:44
an API from your phone, et cetera First thing is you look

00:40:47
up a DNS record, you get an IP address, you connect to that IP

00:40:51
and then you do like a layer seven request for, or you

00:40:56
establish SSL and then you do HTTP generally.

00:40:59
But traditionally when you look up an IP address, it was like

00:41:06
your phone number on the internet.

00:41:07
Right, it would exist in one place.

00:41:09
And this was the big problem with DDoS back in the day was

00:41:14
because you had like one address to attack.

00:41:16
You could the first D and DDoS is distributed and you could

00:41:20
build a botnet that's all over the place and it could

00:41:22
concentrate and attack in one place and just knock it over.

00:41:24
And it's sort of like the law of averages here, like one

00:41:29
person can never fight off right , like I don't care how bad as

00:41:32
you are, like if enough people come at you and you're just one,

00:41:37
like there's nothing you can do about it.

00:41:39
And so what?

00:41:40
The?

00:41:41
Even the founders of Cloudflare actually, from the very

00:41:43
beginning, did this.

00:41:44
When we have IP addresses on the internet, we advertise them

00:41:50
from all of our data centers at the same time.

00:41:52
So that's, like you know, 300 different data centers now.

00:41:56
So what is weird is that the that it'll be that IP will be

00:42:01
out in a data center.

00:42:02
The same IP will be a data center in Dallas and one in

00:42:05
Moscow and one in Auckland, new Zealand, and Sydney, australia,

00:42:09
and wherever else.

00:42:10
And so when you've got this distributed botnet that's

00:42:13
launching an attack and it tries to attack the IP address, it

00:42:16
actually ends up hitting the look the like the closest one

00:42:20
and that sort of low balances and attack out in that way.

00:42:24
And so, and as you mentioned, like, we just on Tuesday had a

00:42:29
big announcement where we basically did a responsible

00:42:33
disclosure of this new crazy zero day vulnerability in the

00:42:38
HTTP protocol that is leading to just these crazy world record

00:42:44
attack types.

00:42:45
But luckily we're able to work together with some industry

00:42:50
peers and the goal really is to try to get everyone patched and

00:42:54
sort of on top of this.

00:42:54
But I do think that it represents this sort of like

00:42:58
step change where we're going to start probably seeing a lot

00:43:02
more layer seven denial of service attacks than we have

00:43:06
seen in the past.

00:43:09
Speaker 1: Wow, that is, that's really interesting.

00:43:12
You know, I've never I guess I've never thought about it

00:43:17
quite like that, where DDoS attacks were very successful

00:43:21
because they could focus, you know this, this huge like army

00:43:27
of devices on a single point.

00:43:29
But by eliminating that single point it doesn't really matter,

00:43:34
right?

00:43:34
Because, yeah, you can take down, let's say, you take down

00:43:37
one, right?

00:43:38
Well, we have, you know, 300 other data centers or CDNs,

00:43:43
right, that are projecting the same thing out there.

00:43:45
So, good luck taking all of that down at once.

00:43:49
Speaker 2: Yeah, you want to distribute your defenses just as

00:43:51
much as the like the.

00:43:53
The attack is distributed, so that's, that's really.

00:43:57
The trick is like you stop a distributed attack with a

00:43:59
distributed defense.

00:44:02
Speaker 1: Wow, that is.

00:44:03
I mean that makes a lot of sense.

00:44:05
It's just I can't believe it's.

00:44:07
I mean I don't want to call it simple, you know, but I can't

00:44:11
believe it's that simple of a thought behind it, right?

00:44:15
Because I just always, I don't know, I didn't think about CDNs

00:44:19
in that way of being able to be used to load, balance the

00:44:23
traffic like that, but it makes.

00:44:25
It makes complete sense as to why you can do that.

00:44:29
Speaker 2: Yeah, the, I mean one .

00:44:31
I don't mind calling things simple, because I think the most

00:44:33
brilliant things are simple.

00:44:34
They also are very.

00:44:35
Some brilliant simple things are really hard to pull off.

00:44:38
But I would even say, though, that this idea of doing anycast,

00:44:44
where you're advertising over BGP, the same IPs in different

00:44:47
places, is Cloudflow is essentially one of the first

00:44:50
companies to do that for stateful protocols like TCP, and

00:44:56
, historically, you know, we actually we hate being called

00:45:01
the CDN because we're like, oh, it's like calling a car an Astra

00:45:03
, like your car has an Astra in it, but like we have a CDN, but

00:45:07
we do a bunch of other things, the.

00:45:11
But the way that, like I guess, the other players that have been

00:45:13
in this market for a long, lot longer, what they did was they

00:45:17
would load balance with DNS.

00:45:18
So if you, if you looked up the IP address, you know, do a DNS

00:45:25
lookup, you would get a different response depending on

00:45:28
where you were.

00:45:28
So they did only have single IPs in one place, but they would

00:45:32
just give different IPs to different people, and that

00:45:35
generally works, because that's another way to sort of low

00:45:38
balance.

00:45:38
But if, if you, instead of attacking, like a domain name,

00:45:43
you would, and where you're resolving it and getting

00:45:45
different IPs.

00:45:46
If you just attacked a single IP then you could still like

00:45:49
load up on it and by having the IP itself advertised in

00:45:53
different places with any casts that like it raises to then like

00:45:56
the next level up.

00:45:58
And plus, not to get too much in the details, but with DNS

00:46:03
giving different IPs, you run into these like replication

00:46:05
challenges.

00:46:06
And how long is it going to take for sort of DNS queries to

00:46:12
fall out of caches and stuff?

00:46:13
I'm sure you've seen this before as well.

00:46:15
Anyone that's learned sort of IP config commands you know to

00:46:20
flush your DNS cache.

00:46:21
You know why.

00:46:22
So that's the, that stuff.

00:46:25
Speaker 1: Yeah, that is such a headache, especially when you're

00:46:27
you're trying to like deploy a proxy and it has other settings

00:46:31
on it.

00:46:32
It's not taking the new stuff.

00:46:33
So frustrating and just like it makes, it makes the product

00:46:38
look a little bit worse to the organization because it's like

00:46:42
oh, this is supposed to be flawless.

00:46:43
You sold it as flawless.

00:46:44
You know it's always.

00:46:47
It always makes for interesting situations, those small nuances

00:46:51
like that.

00:46:53
Speaker 2: But those are where you this is where we learn right

00:46:55
, like when, like we're forced to make something work and

00:46:57
you're like this isn't working, my mental model didn't function.

00:47:00
It's like right back to our first conversation, which is

00:47:03
like how do you get yourself in the position where you have to

00:47:06
learn how something, how how something functions at at like,

00:47:10
at a very basic level.

00:47:12
Speaker 1: Yeah, absolutely.

00:47:13
So you know where.

00:47:17
Where is cloudflare going, because I feel like cloudflare

00:47:20
has been around for a while now.

00:47:21
You know and cloudflare has always been known, as you know,

00:47:26
that that, that DDoS protection right, that CDN, almost right.

00:47:31
Where, where do you see cloudflare going as a whole?

00:47:35
Are you guys working on new offerings that you plan on

00:47:38
releasing in the future?

00:47:39
Are you stepping into other other domains and needs of

00:47:44
security?

00:47:45
I would imagine that if you do go down that path, you'd

00:47:49
actually be pretty successful at it.

00:47:51
You'd have a good product.

00:47:52
You'd have, you know, provide good quality to the, to the

00:47:56
industry, because of your track record with what you're doing

00:47:59
already.

00:48:00
Where are you guys going?

00:48:03
Speaker 2: Well, so when I started 10, over 10 years ago,

00:48:06
we had we had some basics protections for web applications

00:48:11
, right, and so you think about this as sort of like and and for

00:48:15
for many years we were just sort of expanding out like what

00:48:18
you could do.

00:48:18
So, whether you're talking about web apps, to other things

00:48:22
like TCP and UDP, but like, basically, how do you shield an

00:48:25
application from DDoS?

00:48:26
You can do load balancing, rate limiting.

00:48:29
Then you start to like fraud detection, bot management, all

00:48:32
this stuff.

00:48:33
But from the very beginning, cloudflare is sort of like a

00:48:36
networking and security company and I don't like oversimplify.

00:48:40
Networks connect users to applications, and we were doing

00:48:43
that first part, which was protecting applications.

00:48:46
And then back in 2020, like sort of like right around the

00:48:50
time COVID came out, we started launching a set of services for

00:48:53
protecting the users, because you're like, okay, we're on this

00:48:56
, on the, on the, where, the network, so that's a lot of sort

00:49:00
of forward proxy, protected DNS as the email, phishing

00:49:08
protection, like there's, there's a ton of stuff you can

00:49:11
do there, like DLP, et cetera, so that security side.

00:49:14
And then we also, at a similar time, launched more network

00:49:20
services.

00:49:20
So we, we can do, we can protect sort of site to site.

00:49:26
We can replace your WAN and we can do like firewall there, like

00:49:30
IPS, ids, things sort of in the network itself.

00:49:32
And to me that's really cool, cause you've got like, okay,

00:49:36
wherever the user is, you can.

00:49:37
You can get all the protections for the user.

00:49:39
Then you know on cloudflare, and then the cloudflare itself

00:49:43
can be the network that carries the traffic to wherever it's

00:49:47
going with the network services, and then you protect the

00:49:49
application itself with the application stuff.

00:49:52
So that's sort of where we are today.

00:49:55
And then if the interesting thing, the where we're going

00:49:59
sorry, give me the long answer of this is how did we build that

00:50:04
?

00:50:04
Well, right, we, we, from the very beginning we had built this

00:50:09
idea of running the same things in all these places, et cetera,

00:50:12
in this natively distributed way, and so to make our own

00:50:17
developers productive, and so, like we have a developer that

00:50:20
will build, like you know, they'll build a new load

00:50:22
balancer, they'll build a new, you know, deep pack inspection

00:50:26
capability.

00:50:27
We didn't want them to think about how, how that, like where

00:50:32
to run it.

00:50:32
Like, do they deploy to Dallas or Moscow?

00:50:35
They just deploy it to the network and it runs everywhere

00:50:39
and that's, that's super compelling, like it literally

00:50:41
runs all over the place, and so there was all this work that

00:50:43
went into building this sort of like natively distributed

00:50:47
environment and we finally were like, oh, customers probably

00:50:50
want that too, and so that's turned into this like this whole

00:50:55
serverless platform, and I think that's the the unknown

00:50:59
future.

00:50:59
But like if the world starts really developing things in

00:51:03
serverless, that becomes like super compelling.

00:51:06
But then we're like competing with, like Amazon and Google.

00:51:09
So that's a if that, if that plays out well and the sort of

00:51:15
industry moves the direction we are, that's a big future for us

00:51:19
also.

00:51:20
So it's a long answer to your question.

00:51:23
All four areas, I think, have futures, but that's some of them

00:51:28
are we've been doing for a while and other things we're.

00:51:30
We're just sort of like ambitiously, sort of stretching

00:51:34
into.

00:51:35
Speaker 1: Yeah, it's really interesting seeing all the

00:51:38
different tech trends and you know where they go and

00:51:42
everything like that.

00:51:42
And you know the past couple of years, every company that I've

00:51:47
been at, every company that I've even talked to or know people

00:51:50
at, they're all going serverless right and they're kind of

00:51:53
dipping their toes in the water right now with serverless my

00:51:58
current company they're probably the most serverless that I've

00:52:01
that I've seen.

00:52:02
Yet you know they go like serverless first.

00:52:05
You know so it's.

00:52:07
It provides interesting challenges, especially for you

00:52:11
know someone to just learn the serverless side and like kind of

00:52:15
wrap your head around that.

00:52:16
It's a whole.

00:52:17
It's a whole other like game that you're playing, that you're

00:52:21
trying to figure out and you know from a security

00:52:23
professional, how do you secure it, how do you make it easy for

00:52:26
your developers and everything else.

00:52:28
So it just it opens up a whole other can of worms, I guess,

00:52:32
which is really interesting to see Cloudflare go into.

00:52:35
That, you know, because as this space is kind of evolving and

00:52:40
growing and turning into a more mainstream, you know, deployment

00:52:45
approach, it's really interesting to see Cloudflare,

00:52:48
you know, also identify that and say, oh, you know what, why

00:52:51
don't we take this tech and move it into this, but we have to

00:52:54
build it from the ground up, you know, for this architecture,

00:52:57
because that's the only way that anything runs in this in this

00:53:00
serverless world.

00:53:02
Speaker 2: Yeah.

00:53:03
Yeah, it's just sort of like if we say that one's moving from

00:53:07
sort of centralized things to very distributed, where this

00:53:11
network that helps like move, you know, connect to your user,

00:53:14
to your application, no matter where the user is, where the

00:53:16
application is.

00:53:17
But then, like the logical, if things get really distributed,

00:53:21
the logical like next step is like there are certain things

00:53:23
that you don't even want to run in your data center, like can

00:53:25
you just make them run in the network themselves, and so I

00:53:28
think that's what we're starting to see is like there's certain

00:53:30
use cases or even like storing of data, like we have a, we have

00:53:34
a like an S3 compatible object storage, and so we're finding

00:53:39
like some AI companies are using that to hold their training

00:53:42
data and they can like move makes it really easy to like

00:53:45
take the training data to whatever cloud they're using to

00:53:48
build their LLM and that kind of thing.

00:53:50
So there's just certain use cases that make sense just to

00:53:53
put it in the network itself.

00:53:54
And that's that's exciting.

00:53:57
When you start thinking about serverless in that way, going oh

00:54:00
okay, and also from you and I like thinking about like making

00:54:04
something super available at low latency, you're like oh okay,

00:54:07
before, if I wanted something to be available, I had to.

00:54:09
I had to, you know, have a master with a slave and like

00:54:13
manage orchestration et cetera.

00:54:14
And then, if I was lucky, I'd have two or three instances

00:54:18
where, if you can like deploy to a serverless environment like

00:54:21
Cloudflare, you're like, oh, there's now literally like tens

00:54:24
of thousands of incidents, incidents or incidents of it

00:54:28
running, and I don't have to orchestrate it at all, like

00:54:31
it'll, just it'll, sort of like that's part of the platform.

00:54:34
That's really cool.

00:54:38
Speaker 1: Yeah, it makes for a interesting future, that's for

00:54:42
sure.

00:54:42
We'll trade, you know we're.

00:54:44
We're unfortunately at the top of our time here.

00:54:47
I feel like I go another two, three hours with you, but you

00:54:52
know I got to respect everyone's time, especially my own.

00:54:54
I'm sure my wife will kill me if I stay on any longer, but

00:54:58
before I let you go, you know why don't you tell my audience

00:55:01
where they could find you, where they could find Cloudflare, if

00:55:04
they've been living under a rock for somehow, you know, for the

00:55:07
past 10 years?

00:55:07
And yeah, you know, give them all that good information so

00:55:11
they can they can learn more if they want.

00:55:14
Speaker 2: Yeah, well one.

00:55:16
Thank you so much, joe, and thank you to your wife for

00:55:18
lending your time.

00:55:19
This has been.

00:55:21
This has been a blast.

00:55:22
I could I could chat with you for ages.

00:55:24
You can find Cloudflare at cloudflarecom, and actually

00:55:28
where I recommend people start is blogcloudflarecom.

00:55:32
We got a really, really good blog and, and if you want to

00:55:36
just geek out on some stuff, there's a thing called

00:55:39
radarcloudflarecom and the radar will.

00:55:42
You can get stats on like IPv6 versus four and what kind of

00:55:47
DDoS attacks are happening, which countries on which

00:55:49
networks.

00:55:50
There's some, there's some really cool sort of like real

00:55:53
time dashboards of the internet, and if you want to find me, you

00:55:58
can find me on LinkedIn.

00:55:58
It's probably the best place to get a hold of me and I would

00:56:03
love to connect with folks and answer questions and hopefully

00:56:06
you and I will meet in person sometime soon, joe.

00:56:10
Speaker 1: Yeah, absolutely, that'll be great.

00:56:11
Well, thanks, trey, and I hope everyone listening to this

00:56:16
episode enjoyed it.

00:56:17
I will have all of the links down in the description of the

00:56:20
episode.

00:56:20
Make sure you go check them out .

00:56:22
Thanks, everyone.