Are you ready to have your technological horizons broadened? We've got Trey Guinn, an expert from Cloudflare, here to give you a grand tour of his tech journey. He'll take you from his humble beginnings building computers at the mall, through his time working in data centers in New Zealand, all the way to his current position at Cloudflare, a globally trusted Web Application Firewall solution provider.
Do you ever feel like you're running to catch up with the rapid pace of technology? Trey shares his insights on everything from the rise of Linux to the development of TCP IP for Windows NT. He offers an insider's perspective on keeping up with the latest tech trends, emphasizing the importance of curiosity and a genuine desire to understand how things work. If you've ever wondered about the different approaches to problem-solving across cultures, Trey's experiences in Amsterdam and New Jersey will be an eye-opening exploration of diverse tech landscapes.
Got questions about anycast networks and DDoS attacks? Trey's got answers. He breaks down how companies like Cloudflare utilize cutting-edge technologies to protect against large scale DDoS attacks. This episode doesn't just stop at the technical aspects of the matter, but also provides a comprehensive overview of the evolution of Cloudflare's services over the past decade. So, whether you're a tech enthusiast or a professional, this conversation with Trey is sure to leave you with valuable insights and a richer understanding of the technological world. So join us, and let's take a fascinating walk down the tech memory lane with Trey Guinn!
A leading internet security and content delivery network provider, safeguarding websites worldwide
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Affiliate Links:
NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Speaker 1: How's it going, everyone?
00:00:02
This is another security unfiltered episode.
00:00:05
So today's episode is with Trey Gwyn from Cloudflare.
00:00:10
Cloudflare actually decided to sponsor the podcast because they
00:00:13
believe in what security unfiltered is doing.
00:00:17
They like how we present the information and whatnot.
00:00:20
And Cloudflare is a very well known WAF solution that is used
00:00:26
by thousands of companies worldwide and you know we had
00:00:29
some common synergies right.
00:00:31
So they wanted to sponsor the episode.
00:00:33
But that doesn't mean that they directed the questions that I'm
00:00:37
asking or the conversation that we're having or anything like
00:00:40
that.
00:00:40
That's absolutely not the case.
00:00:42
They just sponsored the episode because they believe in what
00:00:46
we're doing here.
00:00:47
So with that, let's get into the episode.
00:00:50
Thanks everyone.
00:00:55
How's it going?
00:00:55
Trey, it's really great to finally have you on the podcast.
00:00:59
You know we've been trying to get this thing going for a while
00:01:03
now.
00:01:03
I actually think I started talking to Cloudflare back in
00:01:08
April or May.
00:01:09
It was one of those months right after my kid where, like
00:01:12
it's a complete blur, you know, and there was several times
00:01:16
where, like I went out to dinner or you know I had like a
00:01:19
meeting or something, and you know they would be like, oh,
00:01:22
don't you remember?
00:01:23
Like we had this dinner, we had this thing right when we
00:01:27
discussed all this.
00:01:28
They're like I don't know.
00:01:30
I mean, that doesn't exist to me right now.
00:01:35
Speaker 2: Oh well, congratulations.
00:01:36
And you know, you know, in the world we'll know be over in
00:01:40
about 18 years, right, yeah, hopefully hopefully 18.
00:01:45
Speaker 1: So, trey, you know I started everyone off with
00:01:49
telling their background, and the reason why I do that is
00:01:52
because there's, you know, there's different sections of my
00:01:55
audience, right, that are coming from different
00:01:57
backgrounds and they're trying to figure out, like you know,
00:02:00
hey, is this something that I can do?
00:02:02
Is this something that you know is possible for me?
00:02:05
Right, I get that question so many times.
00:02:08
Right, I want to get into cybersecurity, but I don't come
00:02:11
from an IT background.
00:02:12
Is that possible?
00:02:14
And so I feel like it's always helpful for my guests to, just,
00:02:17
you know, give their background.
00:02:19
Tell us where you came from.
00:02:21
Did you study IT in college or did you go down another rabbit
00:02:26
hole?
00:02:27
Speaker 2: Yeah, that's a good question.
00:02:28
So I I go like way back.
00:02:32
My first job was building computers in the mall and like
00:02:37
not the nice mall, the crappy mall, and so building like 46s,
00:02:43
this and the other, and I remember getting.
00:02:46
I sort of got on the internet at first when it was CompuServe
00:02:50
I do dial up at home so built my computer there, sort of played
00:02:55
around.
00:02:55
I remember like when they added TCP IP to Windows.
00:02:58
So I'm really dating myself, but that was like 12, 14 years
00:03:03
old.
00:03:04
You know, I was kind of a kid and I think what changed that
00:03:07
was when I went to university.
00:03:09
I I had a job at university but I was working for like the
00:03:15
university IT team, which meant like just network management.
00:03:19
So I got into like lands and stuff there and started to
00:03:23
really learn networking.
00:03:24
I ended up working full time while I was in college at a
00:03:31
small business sort of networking company.
00:03:33
So it was like an IT guy that built, like you know, built
00:03:36
networks and installed them.
00:03:37
So I do everything from you know, plug a mouse in to you
00:03:42
know, build a Windows NT network and and what have you.
00:03:45
And then let's see after.
00:03:49
After college I kept essentially working the place I was working
00:03:53
at while I was in college and did that for a little bit and I
00:03:59
just sort of like life decision in front of me.
00:04:01
I was living in Austin, I was doing this sort of small
00:04:04
business IT thing and it was a small company's, like you know,
00:04:08
just a couple of college age kids, you know, fixing networks
00:04:12
for like lawyers and what have you.
00:04:14
And the owner of that business was like hey, I think I want to
00:04:20
go back to school.
00:04:20
We could do this like employee buyout thing, so like if you
00:04:24
just stick around for three years, we'll give you a third of
00:04:26
the business.
00:04:26
I was like, oh, that sounds really cool.
00:04:29
But I was 24, 23, four years old , something like that, and I was
00:04:35
like I'm not sure I'm living in Austin.
00:04:37
And I was like I'm not sure I want to spend the rest of like I
00:04:40
don't know if I want to spend the rest of my life here.
00:04:42
I haven't lived anywhere else.
00:04:43
So I actually it was kind of crazy, but I just said thank you
00:04:48
so much, but I'm going to quit now instead.
00:04:51
And I sold everything I owned and went to go travel around the
00:04:56
world for a year you know in quotes but I sort of like ended
00:04:59
up in New Zealand accidentally, got a real job, and then there
00:05:05
was like building sort of like data centers and stuff like that
00:05:09
and I ended up being the guy that just like picked up, picked
00:05:14
up firewalls and became like the first Fortinet certified
00:05:18
administrator in New Zealand because I just thought those
00:05:21
things were really cool.
00:05:22
But I ended up being this again it's kind of a smallish economy
00:05:26
, smaller company, only like a couple hundred people there, and
00:05:31
then after that I would give you the long sort of it then
00:05:34
ended up in New Zealand.
00:05:35
After New Zealand ended up in Amsterdam and I kept doing sort
00:05:39
of infrastructure stuff and then enterprise architecture at a
00:05:43
big multinational and then from there I got a job at Cloudflare
00:05:48
about 10 years ago as a first solution engineer.
00:05:50
So this is slightly abbreviated version but still worthy.
00:05:56
Speaker 1: Yeah.
00:05:56
So so, trade, you know you bring up an interesting time, I
00:06:01
guess, in the computer world.
00:06:02
You know when you started, when or at least you said that you
00:06:07
remember when they added TCP IP to Windows NT.
00:06:12
Speaker 2: I think it was right, and do you use Windows 3 to
00:06:16
Windows 3.1?
00:06:17
It was like when you actually got a TCP IP stack.
00:06:23
Speaker 1: Wow.
00:06:23
So you know, do you?
00:06:26
Do you think that you know?
00:06:29
Engaging with technology back then allowed you to understand
00:06:33
kind of the underlying.
00:06:35
You know workings of it quite a bit more than what people do
00:06:39
today.
00:06:40
And I bring that up because earlier on in my career I was
00:06:43
essentially a Linux admin, right , and the Linux OS did not have
00:06:48
a GUI on it, so it was strictly terminal, and so I ended up
00:06:52
learning Linux extremely well as well as learning you know the
00:06:57
network stack on the Linux server, learning you know the
00:07:00
different security, you know configurations and how
00:07:04
everything is configured right, and that kind of opened my eyes
00:07:08
because I was used to, you know Windows 98, right, windows 2000,
00:07:14
whatever, whatever, windows 7, that's what it was Sorry, and
00:07:22
you know I was used to that GUI right, never played around with
00:07:24
the terminal, but as soon as I got into the terminal it really
00:07:27
opened up the rest of like technology to me.
00:07:30
I feel, do you look back on that and think the same thing?
00:07:33
Or, you know, is it a different kind of feeling?
00:07:38
Speaker 2: Yeah, that's a good question.
00:07:39
You know what leads us to sort of go deeper down in this career
00:07:46
.
00:07:46
Fundamentally, I think what is incredibly helpful has been for
00:07:51
me, and even when I, like I built a solution engineering
00:07:54
team at Cloudflare, what made folks really good at their role
00:07:57
was folks that wanted to understand how things worked
00:08:02
right.
00:08:02
So you're looking for this sort of sense of curiosity.
00:08:04
I'm with you.
00:08:06
Like, I remember trying to get my first sound card to work in
00:08:10
Red Hat 2 or whatever it was, and you know, and at the time we
00:08:15
had this debate in the dorms about, like, is it Linux or
00:08:18
Linux?
00:08:19
And the demo sound was like hello, this is Linux Store
00:08:23
Vaults, and I pronounce Linux, linux.
00:08:25
And I was like, all right, we're seeing, like, but it took
00:08:29
like two days to get a sound card to work and you learned a
00:08:32
lot about interrupts and this and the other.
00:08:34
I like I'm reticent to say that that is the thing that makes
00:08:40
you understand the material better.
00:08:42
I think you're either curious and you dive in because you find
00:08:46
it genuinely interesting, or it's so bloody hard to use that
00:08:49
you're forced to learn how it works.
00:08:51
But I think both of those paths work to get you there, because
00:08:56
I mean there's a bunch of new stuff now that like I should be
00:08:59
digging more into.
00:09:00
Yeah, so, as always, that'll never stop.
00:09:04
Speaker 1: Yeah, that's, that's a really good, I guess, analogy
00:09:08
or way of thinking about it, right, like it has to be so, so
00:09:12
hard that you have to learn it inside and out.
00:09:16
I mean, you know, there was a point when I was that Linux
00:09:19
admin right where, where I had to learn SC Linux, not because I
00:09:24
wanted you know, I didn't even know what SC Linux was but on
00:09:28
the call I had a customer that was like, oh, we require SC
00:09:31
Linux to run, and whenever we've run it on your server,
00:09:35
everything breaks.
00:09:36
Like, okay, well, that's really weird.
00:09:39
You know, like this thing should just be working right,
00:09:41
like and I mean, this was weeks, weeks later.
00:09:46
You know, like I finally had it all down, but like, if you
00:09:50
looked at my one note that I was taking notes in because I took,
00:09:53
you know, copious amounts of notes I took the error that I
00:09:56
would run into the command that I ran to fix it, why that
00:10:00
command works.
00:10:01
And you know, keep on going through it.
00:10:03
And the extensive one note that I had at the end turn into the
00:10:09
troubleshooting guide for all of SC Linux for the company.
00:10:11
And like it was used by the devs to actually say, oh, this
00:10:16
is all the changes we need to make.
00:10:17
You know, I never would have learned it as well If I wasn't
00:10:22
going through those problems, that's for sure.
00:10:25
Speaker 2: Yeah, you're like sort of forced through it.
00:10:27
You have to, like you have to build mental models as you go,
00:10:31
and then you sort of your this is actually.
00:10:33
It's an interesting way to learn, Like I find tinkering and
00:10:37
playing with things is a fantastic way to learn, and
00:10:39
trying to make something function in SC Linux is like the
00:10:42
ultimate version of that.
00:10:43
You're like I think I have a mental model of correction, Like
00:10:46
nope, it didn't work.
00:10:47
All right, I'm going to like fine tuning continuously, yeah
00:10:51
yeah, absolutely.
00:10:52
Speaker 1: So, you know, along your path.
00:10:55
You said that you were, you were at a company doing, you
00:10:59
know, some IT work for law firms , right, and they offered you
00:11:04
essentially one third of the company and you chose to travel.
00:11:07
So walk me through, walk me through that decision, right.
00:11:11
And this is a really interesting decision for me
00:11:15
personally, and I'll tell you why.
00:11:16
Right, um, I remember back when I was, you know, younger, right
00:11:23
Earlier on in my career, I had just started to develop this
00:11:27
mentality of say yes and figure it out later, right.
00:11:32
And so I think to myself, if I was presented with that one, I
00:11:35
would have taken it, right.
00:11:37
But what you did was travel the world and start to experience
00:11:43
that.
00:11:43
And I have a friend who, very recently, actually just decided
00:11:48
to leave his job and was like you know what?
00:11:49
I'm not happy working here, I'm not happy doing this.
00:11:52
I'm literally going to go travel the world, like I've
00:11:55
worked, you know, since college.
00:11:57
I want to go do this, and so he did it and I'm extremely
00:12:00
envious of him because I have a seven month old.
00:12:03
Right, I can't, I can't just up and leave.
00:12:06
If I do, I have to take two other people with me and that's
00:12:10
very expensive.
00:12:11
It's not like I'm a, you know, a single 22 year old anymore.
00:12:15
Right, like I have responsibility.
00:12:17
Speaker 2: It's possible, anything's possible.
00:12:19
You can travel with a family.
00:12:21
Speaker 1: It's not impossible.
00:12:23
It's very difficult, very difficult, very inconvenient.
00:12:25
So you know just talk me through that decision.
00:12:31
What did you weigh?
00:12:32
How did it look to you?
00:12:34
What were you thinking?
00:12:37
Speaker 2: Yeah, so it was.
00:12:38
It's interesting, I wasn't unhappy, I loved my life, I was
00:12:40
having a great time, like the job, et cetera.
00:12:43
But I I guess I was aware of the fact that I was like 24
00:12:47
years old and here was this option to take sort of the
00:12:54
ownership stake in a business and I said, okay, well, if I do
00:12:57
that, like you know, I remember my thought was always like, okay
00:13:01
, then all I need to do is find a house, a wife and I'll be
00:13:05
ready to die, like like my whole life will just be like laid out
00:13:09
in front of me.
00:13:09
And I was just like I'm not sure I had this sort of
00:13:16
sensation, was like I need to see other options before I
00:13:19
commit to this one.
00:13:21
And then what really helped was within a couple months of that
00:13:26
I mean actually right, similar timing, but like within a month
00:13:29
or two of that very fortuitously , I was in Banff, canada.
00:13:34
My mom and I have birthdays close to each other, so sort of
00:13:38
a birthday trip.
00:13:39
We went up there together.
00:13:40
But because I was traveling with my mom, I basically spent
00:13:43
whatever time I could trying to find people my age to hang out
00:13:46
with, and there were these.
00:13:48
There was a Irish couple of sort of in their 20s or my age
00:13:53
that were working behind the bar , their bartenders at the place,
00:13:56
and they explained to me this concept of holiday working visas
00:14:00
, the idea that you can get a well one, explain the idea of
00:14:05
travel right, like as Irish and Australians and stuff.
00:14:08
Like it's a very common thing, like after university go spend a
00:14:11
year abroad or you do your overseas experience, whatever
00:14:13
you call it and they're like, oh yeah, we got this visa.
00:14:16
It's called an over, you know, travel visa, working holiday
00:14:20
visa, and you can travel for a year in a place and you work a
00:14:24
little bit.
00:14:24
And this.
00:14:24
And I was like, oh wait, you mean I don't have to have
00:14:27
$100 saved up to be able to go travel for a year.
00:14:30
And yeah, and it was I.
00:14:34
Basically that was September when I met them and it like
00:14:38
opened my eyes to this possibility and I had left the
00:14:41
US by January 1.
00:14:43
So, like within a couple of months, I wrapped up my entire
00:14:47
life and was like I'm traveling the world and I think I bought
00:14:52
tickets to places that I probably couldn't find on a map
00:14:56
and yeah, it was a good time and the best part too is I'd never
00:14:59
traveled by myself before, and that was that was super, super
00:15:04
valuable for me.
00:15:05
Speaker 1: Hmm, yeah, you know, the very first trip that I ever
00:15:11
took, you know, by myself, was actually to Germany for study
00:15:16
abroad.
00:15:16
It was a four or six week program, right, and it was two
00:15:22
weeks, yeah, two weeks, after donating my kidney.
00:15:25
So I donated my kidney, oh my, I told my doctor like, hey, I'm
00:15:30
not going to make the checkups, you know, in a couple weeks
00:15:34
because I'm going to Germany, and so they, you know, had to
00:15:37
tell me, like, what hospital go to go to if anything went wrong,
00:15:40
and everything like that.
00:15:41
But that experience, you know, really prepared me for the rest
00:15:46
of my life, up to this point at least.
00:15:49
You know, it was amazing and it's really interesting to me
00:15:52
how well traveled you know Europeans are, like they, I mean
00:15:58
, they travel all over Europe all the time, right, and I was
00:16:03
talking to someone from Russia and he said, oh, you know how
00:16:06
many, you know how many countries have you been to,
00:16:10
right, and I'm like too, this is , this is number two.
00:16:13
You know, then, do America, if you count that right?
00:16:16
And he goes oh well, how much of America have you traveled?
00:16:19
I'm like, not that much, you know, like I, I had enough
00:16:22
states to.
00:16:23
You know, maybe fill a hand if I was being generous.
00:16:26
Right, and he was very confused as to how lacking in the
00:16:31
traveling department I was and I had to explain to him.
00:16:35
You know, if you pull up a map, right, we have 50 states over
00:16:39
here.
00:16:39
Right, you pull up a map and you look at one of our states
00:16:42
and it's, you know the size of potentially a couple small
00:16:46
European countries.
00:16:47
You know, like, like Illinois, right, you could drive in one
00:16:51
direction for eight, 10 hours.
00:16:54
You know, if you start at the very top, you go all the way to
00:16:57
the bottom, that's 10 hours.
00:16:58
And you just made it through one state.
00:17:01
You know, and, like him, wrapping his mind around that
00:17:06
was, uh, was really interesting, because I was also trying to
00:17:10
wrap my mind around them being so traveled, because they were
00:17:13
like, oh yeah, I'm going to Australia, I'm doing this and
00:17:16
I'm, I'm over here.
00:17:17
I'm like man, I'm just lucky I made it here.
00:17:20
Speaker 2: Yeah, yeah, no, it's, it's I.
00:17:24
I highly recommend it.
00:17:25
Thanks, folks.
00:17:26
Whether it's travel or in any way, just trying to expose
00:17:31
yourself to other ways of thinking and other ways to
00:17:35
approach problems, just get people to challenge the things
00:17:40
that you have assumed that you've been socialized to grow
00:17:43
up with.
00:17:43
You may still agree with those, but from that very big decision
00:17:48
, just because this is the default, is this the thing you
00:17:52
really want to stick with?
00:17:53
We can bring that right back to tech.
00:17:54
I mean, that's also the way you figure out how things work Is
00:17:58
like.
00:17:58
Can you run with the defaults or do you really need to
00:18:01
understand the implications of changing something?
00:18:04
Speaker 1: Yeah, now, did you experience a lot of that in your
00:18:10
tech jobs overseas, where they were going about a problem
00:18:15
differently from how you would have addressed it?
00:18:17
Was that situation something that you went through, or maybe?
00:18:24
Speaker 2: not Right.
00:18:25
Speaker 1: Because tech is universal.
00:18:28
Speaker 2: Well, yes and no.
00:18:29
Actually, I learned a ton.
00:18:32
I lived in Amsterdam for about almost six years.
00:18:35
One of the jobs I had there was I was an enterprise architect
00:18:40
for KPMG, but like KPMG internal IT, like the KPMG business, not
00:18:45
facing customers we had an enterprise architecture team
00:18:50
that was largely split between Amsterdam and New Jersey.
00:18:54
What I learned there is just this cultural way of going about
00:18:59
solving problems.
00:19:02
This is slightly exaggeration, slightly hyperbole, but if you
00:19:05
came up with a problem, set a set of requirements and you
00:19:10
brought it to the Dutch team, which I was on the Dutch team
00:19:17
they'd spend a month coming up with this perfect self-healing,
00:19:23
every potential solution, considered, every possibility,
00:19:29
Like they really thought things through.
00:19:30
They're very, very long-term focused.
00:19:33
They always think things like 100 years.
00:19:37
When they build houses in their neighborhoods they're thinking
00:19:39
like 500 years out.
00:19:41
We barely think six months out.
00:19:42
They just have this very long-term perspective.
00:19:46
But it would take like a month to come up with a design for the
00:19:48
system, much less than you have to go build it.
00:19:51
You'd have the same problem set to the American team and the
00:19:56
American team would have a POC running.
00:19:58
By Friday It'd be up and running Now you'd have to duct
00:20:02
tape it to no end.
00:20:04
It's going to cost a fortune.
00:20:08
They hadn't considered any of the problems that could arise.
00:20:10
I hadn't really thought through anything, but it was running.
00:20:13
What my takeaway was is that the ideal is somewhere in the
00:20:18
middle.
00:20:18
You have to move fast to take advantage of market
00:20:22
opportunities and just as opportunities come up, but you
00:20:27
also need to somehow balance the short-termism versus
00:20:30
long-termism.
00:20:31
What I really liked was being exposed to both of those teams
00:20:35
and seeing how they functioned, because I felt like I could
00:20:40
learn from both.
00:20:40
The question was spot on, but that was super formative for me
00:20:46
in my career.
00:20:50
Speaker 1: Yeah, at my current employer.
00:20:52
They're a German company and it's insane how much they
00:21:01
actually think through this stuff and everything.
00:21:03
I just spent a year doing what they call a POC.
00:21:09
To me the POC was only the past six weeks.
00:21:14
It was the only time that I was actually doing hands-on
00:21:17
keyboard, actually getting into the weeds of different things.
00:21:21
I've been working on it for the past year because they want
00:21:27
every single T-cross, every I dotted.
00:21:31
They want to think about it a couple of times.
00:21:33
I learned in that process that when they're designing vehicles
00:21:39
over in Germany they'll have button requirements where
00:21:44
corporate will say it cannot have more than X amount of
00:21:48
buttons in the vehicle.
00:21:50
Where you place them is up to you and they will debate this.
00:21:54
I guess they were actually debating this for eight months
00:21:58
all the way up until the car was actually released and corporate
00:22:01
had to put a boundary on these engineers saying okay, you have
00:22:06
two months to make this decision because we have to figure out
00:22:10
everything else.
00:22:10
We can't be held up because you don't know where to put a
00:22:13
button.
00:22:13
You need to figure it out, which is really interesting.
00:22:19
I drive a German sports car and my wife has the same
00:22:26
manufacturer.
00:22:26
I'm trying not to give away too much information because as
00:22:30
soon as I do, everyone's going to be like oh, this is where Joe
00:22:34
works.
00:22:34
That's what I want to avoid.
00:22:36
My wife also drives an SUV from the same car manufacturer.
00:22:40
If I sit in her car and I sit in my car one, they're two
00:22:44
totally different cars, they perform totally differently, but
00:22:47
they are the exact same experience in terms of the
00:22:52
cockpit experience.
00:22:54
The buttons are in the exact same place.
00:22:56
It feels the same.
00:22:57
There's very few differences and they do that very
00:23:01
intentionally because they want it to be.
00:23:03
If you drive our lowest end car or highest end car, it's the
00:23:07
same controls, it's the same functions.
00:23:10
It performs differently, but it's mostly the same all around.
00:23:15
It's really fascinating to me of how much time they will put
00:23:22
into making the decision not right but perfect.
00:23:27
Speaker 2: Yeah, it's that idea of designing systems with a user
00:23:32
experience that people can just appreciate and they can jump in
00:23:37
and use.
00:23:37
And then, obviously, ideally, you don't want to have to read,
00:23:45
you don't want someone to be required to read the owner's
00:23:47
manual to figure out how to turn the air conditioner on.
00:23:49
It should just be obvious, right, it should be intuitive.
00:23:51
And this probably goes to it's always going to bring around to
00:23:55
security.
00:23:55
Again, like it's shocking.
00:23:57
You think about solutions that are not secure by design or it's
00:24:03
not intuitive.
00:24:05
I always feel like hard to use systems are inherently less
00:24:09
secure and hard to use also for end users.
00:24:13
Like if security adds too much friction, people will find a way
00:24:17
around it, like they won't leverage it.
00:24:19
And so it's like, how do you really think about that end user
00:24:23
experience?
00:24:23
Making it consistent, making it just where you don't even have
00:24:27
to think?
00:24:27
It should just be intuitive.
00:24:28
You're like, oh, I want to do, I want to put the car in drive.
00:24:31
It's like it's super obvious what I'm doing and I'm doing the
00:24:34
right thing.
00:24:35
I'm not accidentally putting the emergency brake on in the
00:24:38
process.
00:24:39
Speaker 1: Yeah, Right.
00:24:40
So, Trey, you mentioned you started off as what was it?
00:24:45
A solutions architect at Cloudflare, Is that right?
00:24:50
Speaker 2: Yeah, so I was the first solution engineer at
00:24:53
Cloudflare.
00:24:53
Technically, I was the first hire in the customer facing
00:24:58
sales team and I'd never been in a quote unquote sales team I
00:25:03
would like really cringe at that moniker.
00:25:05
But it ended up being like my favorite job, which, because I
00:25:11
had all this background in sort of being I was an SRE before I
00:25:16
was like IT guy, built data centers.
00:25:19
I like working with customers.
00:25:21
I really liked solving their problems and understanding what
00:25:25
they're trying to accomplish.
00:25:26
And then I feel like it's like designing a LEGO setup.
00:25:30
I love hearing what the requirements are, looking at
00:25:32
what the tools are and trying to come up with the best solution
00:25:36
to meet the requirements and also think like the Dutch do,
00:25:39
think a little bit in advance of what's going to be step two and
00:25:43
step three after this and how can I sort of prep you for that
00:25:46
Turns out I didn't realize that's what solution engineering
00:25:49
is Sort of figuring out how to solve someone's requirements,
00:25:53
and so I ended up being a sweet gig and I was the first solution
00:25:58
engineer and then I ended up managing and building that team
00:26:02
up to.
00:26:03
I did that for eight years, so I ended up being a global team
00:26:07
of 160 people, and so I had solution engineers in I don't
00:26:12
know like 20 different countries and just this amazing group of
00:26:15
people and yeah, so that's how I started at Cloudflare.
00:26:22
Speaker 1: Wow, that is a really interesting start, because now
00:26:28
you're a field CTO, which I mean it's I guess this is the best
00:26:40
way of putting it right it's obviously a higher level
00:26:44
position, but it's almost completely different because
00:26:47
it's a different set of problems that you're trying to resolve.
00:26:51
You may not be in the weeds every day, like you alluded to
00:26:56
previously.
00:26:56
You're not in the weeds every day, and so it's more difficult
00:26:59
for you to stay on top of all the different evolving
00:27:03
technologies and whatnot right, and so how do you find the time
00:27:10
even to stay on top of it?
00:27:12
Do you have key resources that you go to that maybe give you a
00:27:16
quick blurb about something right that you may need to know
00:27:19
for a customer meeting, or something like that?
00:27:24
Speaker 2: Yeah, that's a good question, I mean one.
00:27:28
It is challenging because I'm obviously like, even just with
00:27:32
our own products and solutions I'm just like I'm not getting my
00:27:35
hands dirty with it nearly as much now.
00:27:37
I'm sort of in a way I'm like sort of more focused on the
00:27:40
strategy versus the practicality , what you're doing with it.
00:27:43
But I think what has served me well is just to try to maintain
00:27:49
that sense of curiosity.
00:27:51
And what has saved my bacon is, I mean one I'm lucky to work at
00:27:56
a company that blogs super extensively about how things
00:28:01
work in the background and what have you, and I find that super
00:28:05
interesting.
00:28:05
I'll read about how different cypher suites function and super
00:28:12
low-level kernel things in a Linux kernel which, to be honest
00:28:16
, is way past anywhere I've ever actually played around with.
00:28:18
But just it helps to build those mental models.
00:28:21
And then, critically, I'm lucky is that Cloudflare is in place,
00:28:26
is really transparent internally and everyone's really
00:28:29
helpful and friendly.
00:28:30
So if I find myself curious, I try to.
00:28:36
When we worked in the office I would literally tap someone on
00:28:38
the shoulder.
00:28:38
Now it's a sort of virtual tap on the shoulder.
00:28:40
I'm like, hey, do you mind taking 10 minutes explaining to
00:28:44
me how this works, because I'm just trying to have that model
00:28:49
in my head and so, working with product or engineering, do that
00:28:53
a lot and hopefully taking those ideas when we're working with
00:29:01
customers, partners, government entities et cetera.
00:29:04
And largely it's not even so much trying to convince them to
00:29:08
do one thing or another, I just like it's largely trying to just
00:29:12
essentially educate what I'm learning from these smart
00:29:15
engineers at Cloudflare, like if I can just sort of pass that
00:29:18
information along, then these folks can make a more informed
00:29:24
decision about what their next steps are.
00:29:26
Speaker 1: Hmm, yeah, it's really interesting.
00:29:29
You know when, when you're talking to different customers,
00:29:35
is there a common issue or a common thread with your
00:29:39
customers that you're seeing?
00:29:41
You know it might be consolidating their tech stack,
00:29:44
right, because over time the tech stack has grown so
00:29:47
significantly it's difficult for even the engineers to keep up
00:29:52
with right.
00:29:53
And you know, for example, just recently I was faced with an
00:29:59
issue that I was trying to solve without a tool that we had
00:30:02
bought, deployed and were running that specifically solves
00:30:06
this problem right, and I had no clue that it had that
00:30:12
capability.
00:30:13
I knew that we had it, but I didn't know it had that
00:30:15
capability right.
00:30:16
And I'm someone who's pretty much in the weeds, you know like
00:30:21
.
00:30:21
Speaker 2: I'm.
00:30:21
I mean, you're on top of this stuff.
00:30:23
Yeah, exactly.
00:30:25
Speaker 1: Right, you know so like.
00:30:26
Is that a problem, or is there more unique problems than that?
00:30:34
Speaker 2: I mean we have.
00:30:34
We always have those challenges , I mean particularly for
00:30:39
ourselves.
00:30:40
Like we're an innovative company, we keep shipping new
00:30:42
things.
00:30:43
I mean it's hard enough for like our own employees to know
00:30:47
what we have this week, much less our customers.
00:30:50
And then half the customers have sort of been introduced to
00:30:53
Cloudflare at some late some date in the past and then when
00:30:57
they chat with us today and we were like, oh, this is what the
00:30:59
platform does, they, they like they're like whoa, that's like
00:31:02
10.
00:31:02
Next, what I thought you guys did.
00:31:04
And I think the interesting thing there is that I I really
00:31:09
think Cloudflare is kind of a new category of business and we
00:31:14
finally actually started like trying to come up with a name
00:31:17
for this.
00:31:17
And we don't think we're going to be the only one, like we
00:31:19
think there's other companies doing this.
00:31:21
But you used to have, like you know, your, your WAN company, a
00:31:26
firewall company, low balancer company.
00:31:29
They had all these different companies that did different
00:31:32
things and that worked in a world where lots of compute and
00:31:38
applications and users are kind of like we're together.
00:31:41
And back when I was building that NT networks for lawyers,
00:31:44
like it worked because, like the lawyer, the server, the
00:31:49
application, the data was like kind of all on the land, right,
00:31:52
but we've seen 10 years of like cloud and SAS and whatever.
00:31:58
So now in this world, like things are super, super
00:32:01
distributed, you've got users all over the place, applications
00:32:06
all over the place, data all over the place, and cloud has
00:32:09
worked well for that, like using cloud environment.
00:32:12
I hate saying cloud is just basically automation.
00:32:13
So automation's worked well for like building, like dynamic
00:32:18
sort of store and compute.
00:32:19
And the internet works really well for making it possible for
00:32:23
you to be anywhere.
00:32:24
You've got 5G, you've got all these things.
00:32:26
But if you're asking that question like what's that common
00:32:29
problem is, I think like, for some reason, like networking and
00:32:34
security has been the laggard where the way people solve
00:32:38
problems.
00:32:39
Back when I was building NT networks and even, like you know
00:32:42
, when I was at, you know, when I lived in New Zealand, we had a
00:32:47
, we hosted applications, we had our own data center I hope to
00:32:50
like build a data center and stuff and we had like a racket
00:32:53
you know racks of servers, that model of like okay, you got an
00:32:57
application and you got a user here and then in between them
00:33:00
you just got to put these functions and you normally do
00:33:03
those functions with like VMs or boxes or something like that.
00:33:07
You have to choose where they run.
00:33:08
Like that sounds very common, right?
00:33:10
They're like we're trying to use that model in this world
00:33:14
where now the application, the user are everywhere, and so
00:33:18
you're like oh so I guess we just need more of those boxes.
00:33:21
And that doesn't work well.
00:33:22
Like like I talked to a big European bank that runs like
00:33:27
75 firewalls and they're in internal network, and so, like I
00:33:35
talked to another bank in New York that was saying the other
00:33:38
thing is like classic thing was we, you know, we have this
00:33:41
clouds great, we can spin up a developer environment in 30
00:33:45
seconds, but then it takes like six weeks to get them access to
00:33:48
it because the change tickets to go through, like the 12 control
00:33:51
layers and the four season.
00:33:53
So that to me, is like the common problem in our industry
00:33:59
today is that, like networking and security has like been this
00:34:04
laggard, and I think of like, and when I say not security
00:34:08
broadly, but like sort of security that you do in the
00:34:10
network and because the network is like such a point of
00:34:12
visibility for that that has been this laggard and we like we
00:34:17
need a new model, and I think this new models we're calling it
00:34:21
connectivity cloud.
00:34:22
I mean, that's where the marketing people come up with,
00:34:24
but it's not terrible but the idea being that you can have a
00:34:29
more ubiquitous set of controls so that they you can have the
00:34:33
same controls and they can be in , they can be in all these
00:34:36
places in a orchestrated way.
00:34:40
I think that is this challenge that a lot of folks are running
00:34:42
into, and you talk about complexity where they've, like,
00:34:47
over the last 10 years, like they added a bunch of cloud
00:34:49
environments, added sass.
00:34:50
They did all these things and now, like you try to like make a
00:34:54
change, like get a developer access to the development
00:34:57
environment and take six weeks like that's crazy.
00:34:59
Like things have gotten so complex.
00:35:01
Like got to find a way to make it simpler and consolidating the
00:35:06
number of vendors to is a big part of that too.
00:35:08
But like and then go into DevOps and you know DevSecOps
00:35:12
and all that stuff and automating.
00:35:13
That is really important.
00:35:14
But I think, like, the fundamental problem is that,
00:35:17
like we took the network stack from 25 years ago and we just
00:35:21
tried to, like you know, copy paste it out to like every
00:35:25
environment we have a data server or server or a chunk of
00:35:29
data and now, and that doesn't work well.
00:35:33
That's a long winded thing, but that's that's like.
00:35:36
That's literally like the thing I've been working on for 10
00:35:39
years at cloudflare.
00:35:41
Speaker 1: Yeah, I mean it's.
00:35:42
It's crazy how complex these environments can be.
00:35:46
I'm sure if if that bank ever leaves that firewall vendor
00:35:50
they'll be, their stock will really take a hit that day, you
00:35:54
know there's some.
00:35:56
Speaker 2: there's some sales guy on the yacht somewhere who's
00:35:58
loving life because of that deal, but yeah, whatever.
00:36:02
Yeah, it's on the island, doesn't serve that doesn't serve
00:36:06
the, doesn't serve the bank, doesn't serve the bank's
00:36:08
customers, and you're like there's got to be a better way
00:36:10
to do this.
00:36:10
Yeah, that is so.
00:36:12
Speaker 1: That's so insane, you know it's.
00:36:15
It's been tempting at times to go over the sales, the sales
00:36:19
route, but I just don't want to do it.
00:36:22
Yeah, I don't want to do it, I don't believe you know I should.
00:36:26
Speaker 2: Yeah, I wouldn't push anyone that direction.
00:36:28
I was just thought when we were , when I was building solution
00:36:33
engineering team, my whole thing was you could find sales people
00:36:37
that were, far more than you know, marginally technical, or
00:36:41
you could find engineers that like to talk to people and my
00:36:44
whole strategy was like, I wanted to hire engineers that
00:36:46
just like to talk to people.
00:36:48
That was, and I think you, it really varies by company and
00:36:53
what you're working in and stuff like that, but that was, that
00:36:56
was our strategy with the solution engineering team.
00:37:00
Speaker 1: I mean it makes a lot of sense.
00:37:01
You know, it's not very common that you find someone so
00:37:05
technical, able to, you know, talk to a customer, you know,
00:37:09
without having any issues, without stumbling around and not
00:37:12
being un talkative and not being too talkative.
00:37:17
You know, you got to have got to have a certain level of
00:37:21
communication skills, I guess, to be able to be successful at
00:37:24
that role.
00:37:28
Speaker 2: Yeah, it's an interesting role, To be honest.
00:37:31
I stopped leading that team two years ago and it's even more
00:37:35
mature now.
00:37:35
They have more sophisticated leaders who have done this more.
00:37:40
So it's not only being really structured and thinking about
00:37:45
how you not only do you have to have good EQ and be able to
00:37:49
communicate, but having us structured, a way of trying to
00:37:54
extract out what's important to the customer.
00:37:56
What are they trying to solve for Ten different ways to ask
00:38:00
the same question because you will know this, and every
00:38:04
engineer knows this, which is people tend to come to you and
00:38:08
say do X.
00:38:10
Instead of just saying yes, you should probably ask what are you
00:38:13
trying to accomplish?
00:38:14
Because what you've come to me with is you've come to me with
00:38:18
an implementation.
00:38:19
You've come to the expert and told the expert just do this
00:38:24
implementation.
00:38:25
What you should come to the expert with is I'm trying to
00:38:29
accomplish this outcome.
00:38:30
What do you recommend is a way to do that?
00:38:33
That's a much healthier way, but try to do that in a
00:38:39
non-combative way.
00:38:40
You're like oh okay, you want X , but tell me why you want X.
00:38:42
What are you trying to do?
00:38:43
What are you trying to accomplish?
00:38:45
And then, when they say something, you're like, oh okay,
00:38:48
well, we could do X, but there's this other thing we
00:38:50
could do and it has these benefits.
00:38:53
What do you think of that?
00:38:54
You're like, oh wow, that's great, you guys are helpful.
00:38:56
That sort of conversation repeated five billion times.
00:39:04
Speaker 1: Yeah, absolutely so.
00:39:08
I guess in security and even more of the general public, I
00:39:13
guess every maybe let's call it once a quarter, right, we see
00:39:17
Cloudflare and the news in a good way, right, for once, we
00:39:20
see a security company in the news for something good, right,
00:39:25
and it's always Cloudflare.
00:39:26
Stopped X attack, right?
00:39:29
Or X DDoS attack.
00:39:30
That's the new largest DDoS attack ever.
00:39:34
One, how are these attacks measured?
00:39:37
Because I'm seeing was it 398, 400 million requests per second,
00:39:44
which is pretty insane.
00:39:46
That's hard for me to picture even what that is, what that
00:39:49
looks like.
00:39:50
And two, how in the world is Cloudflare able to do that?
00:39:55
Right, because I feel like no one else in the world can do
00:39:58
that.
00:39:58
I mean, it's numbers that are hard to imagine, right?
00:40:03
So how is that even possible?
00:40:06
Speaker 2: Well, it kind of goes back to that point I was making
00:40:08
about like building things in this like very distributed way.
00:40:12
For the engineers in the audience you'll appreciate this
00:40:16
that Clubhouse is the first company to really build a big
00:40:20
anycast network, sort of reverse proxy, and so about 20% of all
00:40:28
domain names on the internet today are behind Cloudflare, so
00:40:31
we're already running in a big scale.
00:40:32
And then you think about like how if you don't mind me getting
00:40:36
technical for a second, but if you think about like how you
00:40:40
would interact with a website or it's like a web application or
00:40:44
an API from your phone, et cetera First thing is you look
00:40:47
up a DNS record, you get an IP address, you connect to that IP
00:40:51
and then you do like a layer seven request for, or you
00:40:56
establish SSL and then you do HTTP generally.
00:40:59
But traditionally when you look up an IP address, it was like
00:41:06
your phone number on the internet.
00:41:07
Right, it would exist in one place.
00:41:09
And this was the big problem with DDoS back in the day was
00:41:14
because you had like one address to attack.
00:41:16
You could the first D and DDoS is distributed and you could
00:41:20
build a botnet that's all over the place and it could
00:41:22
concentrate and attack in one place and just knock it over.
00:41:24
And it's sort of like the law of averages here, like one
00:41:29
person can never fight off right , like I don't care how bad as
00:41:32
you are, like if enough people come at you and you're just one,
00:41:37
like there's nothing you can do about it.
00:41:39
And so what?
00:41:40
The?
00:41:41
Even the founders of Cloudflare actually, from the very
00:41:43
beginning, did this.
00:41:44
When we have IP addresses on the internet, we advertise them
00:41:50
from all of our data centers at the same time.
00:41:52
So that's, like you know, 300 different data centers now.
00:41:56
So what is weird is that the that it'll be that IP will be
00:42:01
out in a data center.
00:42:02
The same IP will be a data center in Dallas and one in
00:42:05
Moscow and one in Auckland, new Zealand, and Sydney, australia,
00:42:09
and wherever else.
00:42:10
And so when you've got this distributed botnet that's
00:42:13
launching an attack and it tries to attack the IP address, it
00:42:16
actually ends up hitting the look the like the closest one
00:42:20
and that sort of low balances and attack out in that way.
00:42:24
And so, and as you mentioned, like, we just on Tuesday had a
00:42:29
big announcement where we basically did a responsible
00:42:33
disclosure of this new crazy zero day vulnerability in the
00:42:38
HTTP protocol that is leading to just these crazy world record
00:42:44
attack types.
00:42:45
But luckily we're able to work together with some industry
00:42:50
peers and the goal really is to try to get everyone patched and
00:42:54
sort of on top of this.
00:42:54
But I do think that it represents this sort of like
00:42:58
step change where we're going to start probably seeing a lot
00:43:02
more layer seven denial of service attacks than we have
00:43:06
seen in the past.
00:43:09
Speaker 1: Wow, that is, that's really interesting.
00:43:12
You know, I've never I guess I've never thought about it
00:43:17
quite like that, where DDoS attacks were very successful
00:43:21
because they could focus, you know this, this huge like army
00:43:27
of devices on a single point.
00:43:29
But by eliminating that single point it doesn't really matter,
00:43:34
right?
00:43:34
Because, yeah, you can take down, let's say, you take down
00:43:37
one, right?
00:43:38
Well, we have, you know, 300 other data centers or CDNs,
00:43:43
right, that are projecting the same thing out there.
00:43:45
So, good luck taking all of that down at once.
00:43:49
Speaker 2: Yeah, you want to distribute your defenses just as
00:43:51
much as the like the.
00:43:53
The attack is distributed, so that's, that's really.
00:43:57
The trick is like you stop a distributed attack with a
00:43:59
distributed defense.
00:44:02
Speaker 1: Wow, that is.
00:44:03
I mean that makes a lot of sense.
00:44:05
It's just I can't believe it's.
00:44:07
I mean I don't want to call it simple, you know, but I can't
00:44:11
believe it's that simple of a thought behind it, right?
00:44:15
Because I just always, I don't know, I didn't think about CDNs
00:44:19
in that way of being able to be used to load, balance the
00:44:23
traffic like that, but it makes.
00:44:25
It makes complete sense as to why you can do that.
00:44:29
Speaker 2: Yeah, the, I mean one .
00:44:31
I don't mind calling things simple, because I think the most
00:44:33
brilliant things are simple.
00:44:34
They also are very.
00:44:35
Some brilliant simple things are really hard to pull off.
00:44:38
But I would even say, though, that this idea of doing anycast,
00:44:44
where you're advertising over BGP, the same IPs in different
00:44:47
places, is Cloudflow is essentially one of the first
00:44:50
companies to do that for stateful protocols like TCP, and
00:44:56
, historically, you know, we actually we hate being called
00:45:01
the CDN because we're like, oh, it's like calling a car an Astra
00:45:03
, like your car has an Astra in it, but like we have a CDN, but
00:45:07
we do a bunch of other things, the.
00:45:11
But the way that, like I guess, the other players that have been
00:45:13
in this market for a long, lot longer, what they did was they
00:45:17
would load balance with DNS.
00:45:18
So if you, if you looked up the IP address, you know, do a DNS
00:45:25
lookup, you would get a different response depending on
00:45:28
where you were.
00:45:28
So they did only have single IPs in one place, but they would
00:45:32
just give different IPs to different people, and that
00:45:35
generally works, because that's another way to sort of low
00:45:38
balance.
00:45:38
But if, if you, instead of attacking, like a domain name,
00:45:43
you would, and where you're resolving it and getting
00:45:45
different IPs.
00:45:46
If you just attacked a single IP then you could still like
00:45:49
load up on it and by having the IP itself advertised in
00:45:53
different places with any casts that like it raises to then like
00:45:56
the next level up.
00:45:58
And plus, not to get too much in the details, but with DNS
00:46:03
giving different IPs, you run into these like replication
00:46:05
challenges.
00:46:06
And how long is it going to take for sort of DNS queries to
00:46:12
fall out of caches and stuff?
00:46:13
I'm sure you've seen this before as well.
00:46:15
Anyone that's learned sort of IP config commands you know to
00:46:20
flush your DNS cache.
00:46:21
You know why.
00:46:22
So that's the, that stuff.
00:46:25
Speaker 1: Yeah, that is such a headache, especially when you're
00:46:27
you're trying to like deploy a proxy and it has other settings
00:46:31
on it.
00:46:32
It's not taking the new stuff.
00:46:33
So frustrating and just like it makes, it makes the product
00:46:38
look a little bit worse to the organization because it's like
00:46:42
oh, this is supposed to be flawless.
00:46:43
You sold it as flawless.
00:46:44
You know it's always.
00:46:47
It always makes for interesting situations, those small nuances
00:46:51
like that.
00:46:53
Speaker 2: But those are where you this is where we learn right
00:46:55
, like when, like we're forced to make something work and
00:46:57
you're like this isn't working, my mental model didn't function.
00:47:00
It's like right back to our first conversation, which is
00:47:03
like how do you get yourself in the position where you have to
00:47:06
learn how something, how how something functions at at like,
00:47:10
at a very basic level.
00:47:12
Speaker 1: Yeah, absolutely.
00:47:13
So you know where.
00:47:17
Where is cloudflare going, because I feel like cloudflare
00:47:20
has been around for a while now.
00:47:21
You know and cloudflare has always been known, as you know,
00:47:26
that that, that DDoS protection right, that CDN, almost right.
00:47:31
Where, where do you see cloudflare going as a whole?
00:47:35
Are you guys working on new offerings that you plan on
00:47:38
releasing in the future?
00:47:39
Are you stepping into other other domains and needs of
00:47:44
security?
00:47:45
I would imagine that if you do go down that path, you'd
00:47:49
actually be pretty successful at it.
00:47:51
You'd have a good product.
00:47:52
You'd have, you know, provide good quality to the, to the
00:47:56
industry, because of your track record with what you're doing
00:47:59
already.
00:48:00
Where are you guys going?
00:48:03
Speaker 2: Well, so when I started 10, over 10 years ago,
00:48:06
we had we had some basics protections for web applications
00:48:11
, right, and so you think about this as sort of like and and for
00:48:15
for many years we were just sort of expanding out like what
00:48:18
you could do.
00:48:18
So, whether you're talking about web apps, to other things
00:48:22
like TCP and UDP, but like, basically, how do you shield an
00:48:25
application from DDoS?
00:48:26
You can do load balancing, rate limiting.
00:48:29
Then you start to like fraud detection, bot management, all
00:48:32
this stuff.
00:48:33
But from the very beginning, cloudflare is sort of like a
00:48:36
networking and security company and I don't like oversimplify.
00:48:40
Networks connect users to applications, and we were doing
00:48:43
that first part, which was protecting applications.
00:48:46
And then back in 2020, like sort of like right around the
00:48:50
time COVID came out, we started launching a set of services for
00:48:53
protecting the users, because you're like, okay, we're on this
00:48:56
, on the, on the, where, the network, so that's a lot of sort
00:49:00
of forward proxy, protected DNS as the email, phishing
00:49:08
protection, like there's, there's a ton of stuff you can
00:49:11
do there, like DLP, et cetera, so that security side.
00:49:14
And then we also, at a similar time, launched more network
00:49:20
services.
00:49:20
So we, we can do, we can protect sort of site to site.
00:49:26
We can replace your WAN and we can do like firewall there, like
00:49:30
IPS, ids, things sort of in the network itself.
00:49:32
And to me that's really cool, cause you've got like, okay,
00:49:36
wherever the user is, you can.
00:49:37
You can get all the protections for the user.
00:49:39
Then you know on cloudflare, and then the cloudflare itself
00:49:43
can be the network that carries the traffic to wherever it's
00:49:47
going with the network services, and then you protect the
00:49:49
application itself with the application stuff.
00:49:52
So that's sort of where we are today.
00:49:55
And then if the interesting thing, the where we're going
00:49:59
sorry, give me the long answer of this is how did we build that
00:50:04
?
00:50:04
Well, right, we, we, from the very beginning we had built this
00:50:09
idea of running the same things in all these places, et cetera,
00:50:12
in this natively distributed way, and so to make our own
00:50:17
developers productive, and so, like we have a developer that
00:50:20
will build, like you know, they'll build a new load
00:50:22
balancer, they'll build a new, you know, deep pack inspection
00:50:26
capability.
00:50:27
We didn't want them to think about how, how that, like where
00:50:32
to run it.
00:50:32
Like, do they deploy to Dallas or Moscow?
00:50:35
They just deploy it to the network and it runs everywhere
00:50:39
and that's, that's super compelling, like it literally
00:50:41
runs all over the place, and so there was all this work that
00:50:43
went into building this sort of like natively distributed
00:50:47
environment and we finally were like, oh, customers probably
00:50:50
want that too, and so that's turned into this like this whole
00:50:55
serverless platform, and I think that's the the unknown
00:50:59
future.
00:50:59
But like if the world starts really developing things in
00:51:03
serverless, that becomes like super compelling.
00:51:06
But then we're like competing with, like Amazon and Google.
00:51:09
So that's a if that, if that plays out well and the sort of
00:51:15
industry moves the direction we are, that's a big future for us
00:51:19
also.
00:51:20
So it's a long answer to your question.
00:51:23
All four areas, I think, have futures, but that's some of them
00:51:28
are we've been doing for a while and other things we're.
00:51:30
We're just sort of like ambitiously, sort of stretching
00:51:34
into.
00:51:35
Speaker 1: Yeah, it's really interesting seeing all the
00:51:38
different tech trends and you know where they go and
00:51:42
everything like that.
00:51:42
And you know the past couple of years, every company that I've
00:51:47
been at, every company that I've even talked to or know people
00:51:50
at, they're all going serverless right and they're kind of
00:51:53
dipping their toes in the water right now with serverless my
00:51:58
current company they're probably the most serverless that I've
00:52:01
that I've seen.
00:52:02
Yet you know they go like serverless first.
00:52:05
You know so it's.
00:52:07
It provides interesting challenges, especially for you
00:52:11
know someone to just learn the serverless side and like kind of
00:52:15
wrap your head around that.
00:52:16
It's a whole.
00:52:17
It's a whole other like game that you're playing, that you're
00:52:21
trying to figure out and you know from a security
00:52:23
professional, how do you secure it, how do you make it easy for
00:52:26
your developers and everything else.
00:52:28
So it just it opens up a whole other can of worms, I guess,
00:52:32
which is really interesting to see Cloudflare go into.
00:52:35
That, you know, because as this space is kind of evolving and
00:52:40
growing and turning into a more mainstream, you know, deployment
00:52:45
approach, it's really interesting to see Cloudflare,
00:52:48
you know, also identify that and say, oh, you know what, why
00:52:51
don't we take this tech and move it into this, but we have to
00:52:54
build it from the ground up, you know, for this architecture,
00:52:57
because that's the only way that anything runs in this in this
00:53:00
serverless world.
00:53:02
Speaker 2: Yeah.
00:53:03
Yeah, it's just sort of like if we say that one's moving from
00:53:07
sort of centralized things to very distributed, where this
00:53:11
network that helps like move, you know, connect to your user,
00:53:14
to your application, no matter where the user is, where the
00:53:16
application is.
00:53:17
But then, like the logical, if things get really distributed,
00:53:21
the logical like next step is like there are certain things
00:53:23
that you don't even want to run in your data center, like can
00:53:25
you just make them run in the network themselves, and so I
00:53:28
think that's what we're starting to see is like there's certain
00:53:30
use cases or even like storing of data, like we have a, we have
00:53:34
a like an S3 compatible object storage, and so we're finding
00:53:39
like some AI companies are using that to hold their training
00:53:42
data and they can like move makes it really easy to like
00:53:45
take the training data to whatever cloud they're using to
00:53:48
build their LLM and that kind of thing.
00:53:50
So there's just certain use cases that make sense just to
00:53:53
put it in the network itself.
00:53:54
And that's that's exciting.
00:53:57
When you start thinking about serverless in that way, going oh
00:54:00
okay, and also from you and I like thinking about like making
00:54:04
something super available at low latency, you're like oh okay,
00:54:07
before, if I wanted something to be available, I had to.
00:54:09
I had to, you know, have a master with a slave and like
00:54:13
manage orchestration et cetera.
00:54:14
And then, if I was lucky, I'd have two or three instances
00:54:18
where, if you can like deploy to a serverless environment like
00:54:21
Cloudflare, you're like, oh, there's now literally like tens
00:54:24
of thousands of incidents, incidents or incidents of it
00:54:28
running, and I don't have to orchestrate it at all, like
00:54:31
it'll, just it'll, sort of like that's part of the platform.
00:54:34
That's really cool.
00:54:38
Speaker 1: Yeah, it makes for a interesting future, that's for
00:54:42
sure.
00:54:42
We'll trade, you know we're.
00:54:44
We're unfortunately at the top of our time here.
00:54:47
I feel like I go another two, three hours with you, but you
00:54:52
know I got to respect everyone's time, especially my own.
00:54:54
I'm sure my wife will kill me if I stay on any longer, but
00:54:58
before I let you go, you know why don't you tell my audience
00:55:01
where they could find you, where they could find Cloudflare, if
00:55:04
they've been living under a rock for somehow, you know, for the
00:55:07
past 10 years?
00:55:07
And yeah, you know, give them all that good information so
00:55:11
they can they can learn more if they want.
00:55:14
Speaker 2: Yeah, well one.
00:55:16
Thank you so much, joe, and thank you to your wife for
00:55:18
lending your time.
00:55:19
This has been.
00:55:21
This has been a blast.
00:55:22
I could I could chat with you for ages.
00:55:24
You can find Cloudflare at cloudflarecom, and actually
00:55:28
where I recommend people start is blogcloudflarecom.
00:55:32
We got a really, really good blog and, and if you want to
00:55:36
just geek out on some stuff, there's a thing called
00:55:39
radarcloudflarecom and the radar will.
00:55:42
You can get stats on like IPv6 versus four and what kind of
00:55:47
DDoS attacks are happening, which countries on which
00:55:49
networks.
00:55:50
There's some, there's some really cool sort of like real
00:55:53
time dashboards of the internet, and if you want to find me, you
00:55:58
can find me on LinkedIn.
00:55:58
It's probably the best place to get a hold of me and I would
00:56:03
love to connect with folks and answer questions and hopefully
00:56:06
you and I will meet in person sometime soon, joe.
00:56:10
Speaker 1: Yeah, absolutely, that'll be great.
00:56:11
Well, thanks, trey, and I hope everyone listening to this
00:56:16
episode enjoyed it.
00:56:17
I will have all of the links down in the description of the
00:56:20
episode.
00:56:20
Make sure you go check them out .
00:56:22
Thanks, everyone.