EP. 32 Rethinking Multicloud and Modern Architecture with Peter Vanlperen

Matt Pacheco
Hello everyone and welcome to the Cloud Currents podcast. A podcast that navigates the ever-evolving landscape of cloud computing and its impact on modern businesses. I'm your host, Matt Pacheco and I'm the head of content at TierPoint. Today we're joined by Peter Van Iperen, a pioneering force in cloud security and technology leadership. Over 25 years of experience at the forefront of cloud adoption. Currently serving as the CISO at OWN company, he brings a wealth of knowledge from his roles at major organizations including CLEAR, 21st Century Fox and TD Ameritrade. As an adopter of cloud and a security expert, Peter offers a unique insight into the challenges and opportunities facing modern cloud computing. In today's episode, we'll explore some of those trends like multi cloud security challenges, impact of AI, the evolution of cloud architecture, and more.

Matt Pacheco
We'll also discuss trending topics that are very interesting to our listeners and to many of the other guests we've had in the past on cost optimization and managing in a challenging landscape when it comes to cloud talent and development. So we want to welcome you to Cloud Currents. Peter, thanks for joining us.

Peter Van Iperen
Glad to be here, Matt.

 

01:30 - About Peter Van Iperen and OWN Company

Matt Pacheco
Awesome. So we're going to jump right in and ask you a little bit about your personal journey from where you started to where you are right now. So tell us a little bit about yourself.

Peter Van Iperen
Sure. I fell in love with coding actually when I was eight, which is weird. I didn't really start coding what we would think of as coding until I was 12. I'll date myself here a little bit. That was Turbo Pascal back in the day. I don't even know if people listening will know what that is, but it was a language at one point. But I was eight and I was given a weird school project where we had to do something with a program called Logo Writer. And while everyone else made like little pictures, I, I went nuts with it and created this whole like animation of like a, a lander landing on the moon, a guy getting out and all. And the teacher was like, what are you doing? You're supposed to be picture. I'm like, yeah, I can do so much more. Cool.

And that's how I fell in love with basically computers and coding. And from there, you know, I started, I learned to code when I was 12, really learned to code, know logical structures, et cetera, and then moved on to start coding professionally in my late teens and then rose up in a couple of startups, exited successfully there, went over to Ameritrade, helped optimize kind of a loss leader division there. Automated the heck out of it before that was really a thing to do. And also at Ameritrade is where I really started to expand more into kind of the security side of things, more into early cloud adoption, really heavy into DevSecOps before DevSecOps was like a term people were using and automated deployment systems.

And from there went over to find Fox was, you know, head of cloud and cloud security, deputy CISO kind of wrangled the wild west of cloud all across Fox, moved over to Disney, went from there was managing partner of a consultancy for two years, which is its own interesting stories. It is a, it is a. I, I recommend everyone should do some consulting in their career, especially if you can stick it out and kind of get your hands into a bunch of projects. I probably saw the inside of 150 different companies in a two-year span which is like its own lifetime of experience. Squished in right just to see how all these different companies operate and think about things. And then from there went on to clear as deputy CISO head of trust and product-oriented security.

And then from there went over to own. And I'm here now talking to you and it's been an interesting journey. And I like to say that really being very useful in technology and security is a multidisciplinary function. And I think having this kind of broad experience across technology, across cloud, across DevOps, across security and product has given me this kind of multidisciplinary ability to really drive success in the roles that I take on. And it's something again, I encourage people often they're like, hey, I'm looking for something new to learn. What's the new cloud thing I should learn? I'm like, don't go learn how to develop a product. Go learn how to do a code security review. Go learn something outside of your wheelhouse and it will expand what you can do within your wheelhouse.

Matt Pacheco
That's pretty cool. We'll get into more advice like that later. I love hearing input from leaders on that. Listening to your story, I'm really curious what got you into. So you started in programming. That's where you started. What got you into kind of the cloud security piece specifically? Like was there a specific interest you had or how'd you end up there?

Peter Van Iperen
You know, it's a funny story. So I, you know, having started coding so young people make interesting decisions. So there might have been some gray decisions back in my day those I won't talk about in a podcast. But you know, so security for me, and the evolution of technology, moving away from kind of hardware materials towards software was something that was always something I was deeply interested in and kind of just ingrained in me. And when I was in Meritrade, I had several different teams reporting to me. So were hiring for different positions. So broadly, in about a year I interviewed 100 different candidates. And they weren't long interviews, they were managerial interviews. But in each interview I would ask two questions. One was related, they're both security related.

One was related to security, one was related to basically security and like, you know, software based design of like infrastructure, basically like cloud, right? Cloud was emerging now. AWS was like the service that was selling. There are plenty of companies out there, like you know, OpenShift and Pivotal and stuff who were trying to wrap cloud away from people because it was. It's too hard, right? So I asked these hundred questions. I got one correct answer and it was partially correct from a guy with former Naval Intelligence experience. And it still wasn't like really technical. And that to me was when I really was like, okay, I'm going to make a hard shift into this because this is the future. And that's where I started teaching at nyu. That's where I started kind of developing internal curriculums for teams.

And that's where I kind of started shifting towards, okay, this needs to be a democratization, right? If we keep going down this path, everyone's going to go and adopt cloud. But no one's going to know how to use cloud, no one's going to know how to secure cloud. Because all of the current knowledge is incubated in the idea of on prem routers. And it was really cogent to me that I kind of picked the right direction when I was at Fox. There is a story there that's kind of great. There were some amazing networking folks who had been around forever, like networking data center infrastructure. And were trying to retrain them to work on the cloud because they've been great resources for years and we want to, you know, preserve those resources.

And in one training I went through a whole bunch of stuff and how, just the basics of like how AWS works and like, you know, knackles and security groups and just basic networking in aws, right? And then literally I had someone ask me where they plug in the networking card and I'm like, okay, so from the beginning, right? And I was just like, I like this not there, right? Like I like, this is done for you. This is shared responsibility, right? And so I Think that, that was really when I kind of made that choice and kind of steered hard into that. And, and for me, it wasn't a hard choice either because these are things I already like, intimately cared for and were pat and was passionate about. So it was easy to just kind of transition in that direction.

Matt Pacheco
Really interesting. Can you tell me a little bit about the company you're currently at? Own?

Peter Van Iperen
Sure. So OWN was just acquired by Salesforce, which is exciting. OWN basically is a company that takes SaaS products, Salesforce ServiceNow, Microsoft Dynamics, basically products that are notoriously difficult to back up and preserve data in the cloud, in the SaaS shared responsibility model. And we back up data very effectively and efficiently. We allow for it to be archived, we help secure the platforms and we even take the data that you have backed up and allow it to fuel, speaking of future trends in the future, your future. Right. So we let it be utilized so you can look at a time series of your data for the past five years and see how things have changed and let that fuel your lm sorry, ML and AI models.

I still, the LLM AI thing is still new to me because I've been dealing with ML for so long and I'm like, I don't, I'm still not sure it's AI, but we'll talk about that later. But yeah, it can fuel it and the products are really exciting. It's one of the few. I love all the companies I've been part of, but it's one of the few tech companies I've seen where the product truly sells itself. Like, there is not like hard marketing that's done. There's not. It's basically just like, here, try the product. And then people don't want to do without it. And it's interesting. Just gave a talk recently, we pulled this statistic. So there's, you know, customers are outgrowing with Salesforce acquisition, but There are about 7,000 ish customers a little more major organizations know around the world, governments, et cetera.

And one of the things that's always asked is like, well, it's backup, right? Like, so, you know, people think of backup, especially in the cloud, like, I'll just throw it in the bucket. I'm never going to use it, I'm never going to do anything with it. I just, I need to have backup. It's a compliance requirement. Turns out, Steve fat fingers, a lot of stuff. We have 7,000 customers. As of October last year, were on pace for doing over 14,000 recoveries. With our 7,000 customers. So it is a product that is used frequently, to say the least. And it also is something that I think as a security practitioner, cloud practitioner, SRE DevOps, whoever's listening to this, that you should really pay attention to. Right?

Because the idea that you are going to set it and forget it with your backups, that's not the world we live in anymore, right? Most attacks now are really looking to damage things in one way or another or create integrity issues in one way or another because it interrupts and denials. So you should be prepared to restore from what you back up. And I think that's something really important to think about in the cloud. One last thing I'll opine on, if you'll allow me, is the consistent mythology of IAC that I've seen exist for probably five years now where someone goes, well, we're in the cloud and we have iac, so if everything falls down and US east one goes down, we'll just pop back up in US west two. And no you won't.

Because I've never seen anyone be able to take their IAC in any real complex system and actually version it correctly to actually step through the IAC steps, to actually go and deploy a new environment in like a couple of hours, maybe days, maybe a week or two if you're lucky. But the idea that just boop, boop boop and it works, that's not, it's not, we're not there. And a lot of it's because I think people still have a very rough understanding of iac. So I just, sorry, I just want to pine on that. But that's like a thing that really irks me when I hear that from people. It's kind of like, do you ever test it?

 

14:17 - Challenges in Multicloud Environments

Matt Pacheco
How, how often do you test it? Really interesting. And I think that helps set up some of the questions I'm going to ask you about your thoughts, possibly how you help customers, but then also how you do some of these things yourselves. So from a multi cloud perspective, or hybrid for that matter, it's very challenging and you probably work with a lot of customers who are working across multiple cloud environments, multiple public cloud environments. What are some of the biggest challenges that they face when managing some of those environments?

Peter Van Iperen
I mean, I think the quite largest thing is vocabulary, right? And I know that sounds silly, but like vocabulary is really complex and the current multi cloud environment reminds me of the early browser wars. It's not infrequent. Even now that we have Terraform that you have to write different lines of IAC for each environment, it still can't be fully abstracted. And it really adds a level of complexity, especially around networking, co located services, shared services. So think things like secrets management, key management, you know, backups across individual systems, movement of data. There isn't really a good mutual backbone that can be built or set up across the individual cloud services. And even if you can get them to talk and coordinate, you're then speaking different languages within each of them.

And yeah, it's funny, I was actually having this conversation last night with a colleague of mine at a dinner and were saying that it's almost like if AWS is Spanish, Azure is French and GCP is Portuguese, right? It just keeps getting more complicated. Gcp, you know, and that's not to knock on gcp. I think GCP is a very valuable tool. It's just there they kind of have all tried to assert themselves in different directions instead of unifying. And I think it creates a lot of developer confusion and not to mention the networking challenges and the backboning challenges. But the issue of being able to secure across all those clouds is much worse because what normally happens is similar to being, you know, bilingual, trilingual, right? Most people are not right. And so they are raised up in AWS or Azure, gcp. Pick one.

Maybe in the odd case, I don't know, Oracle cloud or IBM cloud, if that's still running around somewhere. And you know that is their first language, right? That is what they speak natively. And so then in their head they're translating everything they're doing in the other cloud into that cloud's vocabulary. Everything does not match up. If you're good at it, you've been doing it for a while, you know where the edges and corners are. But the naive folks who are doing it, they don't. And they're creating insecurity, they're creating frailty and resilience issues and they don't know it, right?

And then the worst part is when those things happen and then your Azure systems that were set up just like your AWS systems and should be standing up, fall over, they don't know how to also cope with that because the way to deal with that is also different in an Azure environment, right? And so I think that really is a fundamental issue that, look, there need to be multiple clouds, there are people who want to use different flavors, there are reasons to use the different clouds, there are edges in technology, there are integrations that work better. The idea that like AWS or Azure, GCP is going to be the last guy standing. It's not going to happen. Right? It's just not. There is no like everyone will adopt this.

So I'm actually a big proponent of the idea that they need to all start kind of speaking the same language and like we've actually started to see some of that. I was very encouraged to see AWS is really hard engaging in kind of retooling their EKS and their Kubernetes infrastructure and Fargate infrastructure so that it works much more like GCP infrastructure and like native Kubernetes as opposed to the kind of tacked together version of Kubernetes that they built with their original like ECS infrastructure. If that makes sense. I might have gotten a little too in the weeds for some listeners but like trust me, it's a good thing. You won't have to go through every single update of Kubernetes to get to the most up to date anymore. Things like that are a good thing, right?

Matt Pacheco
Like yeah, you actually answered my next question of how containerization, particularly Kubernetes has impacted things like multi cloud security. Can. Is there anything more else you can say on that?

Peter Van Iperen
I think in a positive way I think it is creating a commonality amongst developers and I think it's creating a more consistent work stream. I, I think the idea that born a lot of like was born from a lot of that was oh well if I build it for EKS and AWS I, I can just lift and shift it over to AKS in Azure. No, not really. Like a little bit, but not really. But it does allow developers to start thinking in a similar language and as the systems both Azure and AWS are getting better at abstracting more towards Kubernetes control and less towards individual cloud control, I think it is starting to improve. Right.

And I think like again to liken this to the browser's word because I'm an old guy, this is akin to the rise of jQuery and then that progressed into Angular and then now we're at React and most of the stuff that you do in a web browser is abstracted away through React and it's handled under the hood. Right. And I think that's where we're headed with Kubernetes. I think the other place we need to see that headed is with Serverless which I think is also improving. I think the language variability, the support, the packaging support. So the stuff that's come around for that in the last Several years has drastically improved as well. And I think that's where we're going to really get the biggest juice out of, you know, our ability for using the cloud.

And also later when we'll talk about a cost optimization.

 

21:35 - Cloud and AI Insights

Matt Pacheco
And you got a little bit into this by talking about Kubernetes. You mentioned cloud insecurity by this whole translation between the cloud environments too. Are there any other solutions that you see emerg for kind of this cross cloud security standardization?

Peter Van Iperen
Yeah, I, you know, I think that some of the tools that are out there now are getting much better. Like I'm very happy about wiz. I'm very happy about their purchase of daz. I think that's going to improve WIZ drastically. Not that WIZ is bad. WIZ is frankly much better than some of the other solutions that I, that are out there that are I, to be fair, trying to now play catch up. Right. So I think that the industry is moving in the right direction. I do think, well, I think that AI and ML is not exactly the iRobot, you know, future that some of us want to believe in.

I do think that I remember sitting in a conference room like a big dinner probably like 15 years ago and it was talking about, I know the brand but it won't name it, but it was a major brand of seam. And it was like we're adding machine learning and AI. It's going to change how everything works. It's going to do it right, like 15 years ago, right. And I think you saw this in a lot of areas like 15 years ago, right. It was the beginning of like NLP really developing sentiment analysis was coming out from like Stanford and things like, it was like okay, we can actually do some meaningful ML. There was the computer vision breakthrough in the late 90s, right. That happened with you know, random forest as opposed to, you know, trying to do guided learning and everything.

So like there was this walk of okay, we're going to get into ML, we're going to have all these things work and we had some things kind of work and we had a lot of things that were promised and didn't work. And I think where we are now is we actually have enough compute power and enough understanding of agents and models themselves to actually go do some of these things now. So I think what you're going to see, sorry, this is getting into our trends prediction, but I think what you're going to see in the next five years or so is really heavy integration of AIM and ML, basically looking at policies and standards and ways things should be secured and basically like bad configurations.

Like CISA just released a set of bad practices which I thought was like, there's a little double edge there, we could talk about that, what I think's going on there. But regardless, I think having something like that and then having an agent sitting in the cloud basically being, no Matt, you can't do that. That's bad. No, I won't let it happen. No, right, like just stopping it dead there and then being able to give you feedback. Because I think that's the biggest problem we've had systems for years, especially in the cloud with robust APIs and you know, the kind of rules based systems that exist there. Because everything is code, right? To basically say like, Matt, you can't do this thing, or Matt you put that thing out, I'm going to go kill it 30 seconds later because it's no good.

What you haven't had is something to go find out what the hell Matt was trying to do and then get Matt to be able to do what he needs to do in a safe way. And I think that's going to be a huge change that you see coming in the next five years with the rise of actual useful machine learning.

 

25:21 - AI’s Role in Cloud Security

Matt Pacheco
This is a great segue into the next section because we really want to talk about AI, cloud operations security. So you kind of talked about it a little. What you see, how you see it, AI transforming cloud operations security. You just talked about five years from now. Is there any changes you're seeing right now? When I say AI, that's kind of the umbrella. Like you have large language models in there, you have machine learning which has been around forever. That's kind of getting the, a fancy new friend. But how do you see AI transforming cloud operations and security today?

Peter Van Iperen
I think that the two biggest things you're going to see very immediately emerging, so six months to two years is, and some of it's already like coming out, it's in its infancy, is reducing the noise. Right. We spent a lot of time making sure we had enough signal because were for a long time drinking through a straw, flying blind. Things had been built for 20 years and you have no idea what's going on in those systems. And then went the other way and we're like, well now we have billions and billions of data points and we have Steve to go through them. So that is a completely different problem. Right.

And I think that big data problem and reducing the noise to actual meaningful signal is going to be one of the bigger things that you see because there's tons and tons of activity to monitor. I think the second thing is you're going to see simple investigations, simple actions. Basically a lot of the busy work of security, a lot of like Matt or Steve showed up today and decided they took their stupid pills this morning and wanted to do a bunch of stuff and distribute extract three security team members is going to go away and go towards the machine learning world. And I think the last thing that you're going to start to see too is like personalization, right? Which sounds weird but I think that one of the biggest problems for instance with iam, right is like should Matt have access to that?

Well, Matt's part of this team, okay? But Matt never does those things. So it's weird that Matt is doing that even though he's part of that team. I need to know Matt, know that team, know all this stuff. However, a system that all it does is lurk and watch that knows that I don't have to know that and I don't have to be up at 3am to stop whoever's impersonating Matt from doing what they're about to do.

And so I think that's those are like the drastic changes you're going to see and there's a bunch of companies circling around those things and I think you're going to see a number of those start to emerge as winners and I think that's the beginning and then it's going to just keep pushing farther right towards that kind of co piloting I was talking about and into the idea too of like I, I eventually will be able to just say I want this built and it will go build it and then I can check it. And then what I think will really be interesting is competitive agenting. This is like a really esoteric concept.

But they have, you know, some of the major AI organizations are working on this for like trust controls and things like that are going into some of the like GPT like products. And then you're also seeing this in some emerging research towards like how you can try to hack systems and see whether they're hackable or exploitable or not. And so the idea of like competitive agenting where like you have one agent trying to do one thing, another agent trying to do the opposite, or like check its work or specialize in one specific segment of doing a larger orchestrated task I really think is going to be the largest juice we immediately squeeze out of the kind of new emergence of ML and AI, it's not going to be, you know, Artificial Peter talking to you.

I don't think that's where we're headed for quite some time. But I think the idea that we can get a system that builds a system in the cloud and then can attempt to hack that system from seven different specialties in a coordinated fashion to see if there's any vulnerabilities that were left by the system, and if it were, then integrate those corrections into rebuilding this, like that kind of stuff that I think we're going to see in a very short period of time.

 

30:14 - Risks and Limitations of AI in Security

Matt Pacheco
It's a lot of exciting upsides potentially to the new technology. What are some limitations or potential risks, you see, with relying on this AI for cloud and security testing and all that?

Peter Van Iperen
I mean, look, it's gonna make mistakes, right? I mean, that's number one, it's gonna make mistakes. The thing is though, humans make mistakes. The thing is, humans stuff falls through the cracks. They don't pay attention. They have a bad day. So as much as AI is gonna like, miss humans, miss. Now, the difference is humans generally, I say generally because every once in a while they take the wrong phone call and shut down a whole casino, right? But generally speaking, they take the wrong phone call and one person's identity is stolen. So their impact is kind of limited, right? AI the real difference there is there's going to have to be limiters around it to make sure that it can't have a large, broad impact when it does make a mistake.

So it's going to really have to truly be like, trust but verify, right? So, and that's the thing is like going back to the competitive agents. Can you have five agents agree that this is a good idea? Right. I think the other thing that you're going to see is poison, right? People are going to poison agents. They're going to find ways, they do constantly. It's the biggest attack vector that exists right now. And it's not going to be necessarily poison, like it's going to destroy everything. It's going to be like, I'm going to poison it so it leaks, you know, system diagrams out to a hacker to hack your. Your system, right?

And then I think the biggest risk of all, and this is, like I said this in a couple of other conversations, is like, look, for the next three to five years, hackers are going to have the edge. We need to strap in. We need to double down on really handling the fundamentals and the basics and designing well and building tight security into things by default, configuring securely by default. Because for the next three to five years, hackers are almost always early adopters compared to enterprises for technology. They are going to have the edge. You see the rate of attacks increasing, in some cases 7, 10, 20, 100 fold. The number of scans, the number of things that are going on.

We know that hackers are already out there, not just using standard bot networks anymore, they're using agents and coordinated orchestration across like LLMs and other ML to basically do broad coordinated attacks. We know it's happening and it's going to continue happening and there's going to be novel attacks as we introduce AI and they introduce AI, they're going to find new ways to screw with our AI and they're going to find new ways to use their AI to screw with our traditional stuff that we don't foresee right now, which is not dissimilar to the rise of the cloud attacks. There were services built into AWS that made perfect sense from security modeling and how you would think about security 10 years ago that are completely toxic now.

If you were to leave them on, and I think you can't leave them on anymore, but you could for a while. I think we can guess a couple of things I'm talking about and you can pop entire accounts using that. And that's not something you thought about 10 years ago. And so we are living in a place where basically it was like the late 90s was like, oh my God, we need to encrypt stuff. This is all out in the open. Man in the middle is everywhere. This is like, we need to lock this down. Then it was like cloud and infrastructure and it was like, oh, the infrastructure is not in prem anymore. I can't physically look at it. We have to figure out how to software define all this.

Oh, that means we need to figure out how to secure all the software definition of all this. And now we're at this new precipice where we're going to see fully novel attack vectors that we have not seen before. And I say that with the one caveat. They're new. But every new attack vector that we've seen, honestly in the last, in like my career, if you go back historically, is based on something that's been going on forever, right? Like the first kind of Nigerian prince email per se, they found a letter I think from like the 1400s that was like a literal Nigerian prince scam, right? Like it's been going on forever. It's just Twisting it into the new technology. Right. So the question will be how does the new technology recombine it? Right. And that's the thing is like AI.

I was just talking to a colleague last week. They asked AI to build some circuits. They built something that as humans were like, this will not work at all. It worked in a completely bizarre fashion that was based on like some like understanding of like the radio waves that were existing within the air and therefore somehow making the circuits function wirelessly together. So like I'm probably losing the thread of the story here, but basically like you and I would look at that diagram and be like, nah, not gonna work. And then you built it and it was like, we're good and you got rid of one and we're like broken working what is happening here? Right? Like, right. So it will find things that are novel. Does that make sense? But it's use the pieces of things that exist to do that.

 

36:07 - Cost Optimization and Cloud Management

Matt Pacheco
Wow, that's really interesting. I've never heard of that angle before. So thanks for introducing something novel here. Very interesting. So I do want to shift to cost optimization as well. We can talk about AI all day and we probably will talk about AI in a few minutes again. And all these new technology advances some from a cost optimization resource management perspective. I'm curious about your strategies you found most effective managing a team. Managing cloud for optimizing cloud costs.

Peter Van Iperen
So I think there's three major tenants that I, I'm always concerned with cost compensation. One, you never built. No one has ever built anything right sized. What? So by default assume you are not right sized. Also stop assuming that something will explode. Build things to scale as opposed to like, oh, but we're gonna, if we just get this one article, we'll have a million. Yeah, okay, get the article. See what comes in scale. So that's one, Two is know. Know what your costs are. So many companies don't know what their costs are. And then they're like, oh my God. And not only is it important to know that so that you can figure out how to right size and where you're spending money.

Because often the other thing I see is like systems that have a feature like, you know, a feature that's like not used, that doesn't really do anything that like one user is using, but it's a really robust search feature. Requires a huge instance to just sit there all day in duplicate and drain money. And one person's using it so often. When I say right size and understand, it's not just about knowing like what the traffic is and everything else, because that sometimes can hide things. But actually understanding what's going on in your systems and how much things should cost and what they're being used for. And that ties into two. We've caught attacks plenty of times through financial data and not through system data. Right?

So we have someone who comes in and starts sprawling crypto miners, but they're disguised to look like search appliances or something else. Right. But we know that's way too much like, that customers would never be using. That shouldn't be scaling like that, it's scaling too rapidly. Those are indicators. And then I think the last thing is to really bring in some sort of automation. Sorry, Autumn, try this again. To bring in some sort of automation and optimization to really understand this scale of what's going on in a way that's not human generated. Humans are really bad at understanding the traffic and the analytics of their systems. Most humans best way of understanding that is looking at a picture. But often that picture is very incomplete in scope because the broader the scope, the harder it is to see the information in the picture.

So this is where automation and optimization and ML really come in to be helpful. And I think that there are some really interesting companies out there that are really starting to find dynamic ways to really understand your systems in those kind of ways that I just discussed, as opposed to just like broad baseline, like traffic in, traffic out, memory spikes, things like that. But really understand what's going on. And you're seeing more interesting things like can this be used? Can we, can we look at what the system is doing? Maybe it is that search appliance that's running. Right, but can we do that on reserve systems? Can we do, can we do, can we manipulate how we are deploying this to reduce price? Can we change the structure of what this is functioning on to reduce price? Not just size up, size down.

So I think that's where it's, it's going. And I think that the last thing I'll say is like, I think people really need to understand how they cut up their systems, which is a bigger, more fundamental problem. And not just lift and shift. I've seen so much lift and shift in my career, I'm sure someone else has talked about that. So I won't like opine on it, but I think the other part of it is like the worst thing I've seen is systems that are built cloud natively, but in ways where it was clearly built by someone who doesn't understand the Cloud, Right. So you're like things I've just broad highlights of things I've seen throughout the years. Like walked into one company and they had 500 message queues. Sorry, 500,000 message queues, one message queue per customer.

And I'm like, that's not the point of message queuing. Why is there privacy issues there? Like why are we doing this? Right. You know, thousands of serverless files for like working and talking to each other and creating complex like redis data passes. When I'm like this should all just be one function sitting on like a Kube container, right? Like, like so like really understanding the patterns and how you're building your systems is really important to under, to being able to optimize that cost. I've very rarely seen huge blown costs where the systems are designed correctly. Right. And so while you can bring in something to help automate that at the end of the day when you realize that you have to go do the work.

Matt Pacheco
Yeah, that's excellent advice. I really like you. How you just kind of created a new term, automization, Automating and optimizing. I mean that's pretty good. It's a, it's a cool term and it means something. It's. It's kind of cool. But I digress. So thank you for that and the end, the guidance on some of the optimization strategies and all of that. Next. I do want to talk a little bit about engineers and team development before we wrap this up. So how do you see the role of cloud engineers evolving over the next few years with all the changes that you mentioned earlier?

Peter Van Iperen
So I think I've been a long proponent of this. I think that we need to get away from the idea of a QA engineer, a cloud engineer, a security engineer. Everyone needs to be an engineer, right? Like, and I think that's part of the problem that I see more broadly in our industry in tech. I've written quite a few pieces, ironically talking about like consultancy and tech and everything else and differing between that, between like lawyers and doctors and things like that. But one thing that I do see in those other practices that lacks in tech that kind of irks me is this over early specialization, which is a weird thing probably to talk about on a show like yours. But I'm going to go there anyway is when you're a doctor, you're a doctor, you do all kinds of rotations.

You might become a psychiatrist one day, but at some point you're in a room delivering a Baby, right? There is a set of fundamental understanding and skills that you broadly have. We don't do that well in tech at all. You go become a coder or a programmer or it and like now it's even like networking versus like corporate it. And then like there's data center and then there's like software specialization, like encrypted and you know, specializations like that. Like there's all this over specialization that comes in and people coming in from these different paths. And that's fine. We need people, right? So it's good. I am a proponent. I've hired, I have people who I hired out of boot camps who are now like vice presidents places. They can be very successful. That is not what I'm saying.

What I'm saying is that the future of our industry is that everyone has to have at least a brass tax understanding of how the cloud works, how AI ML works, how to code, how to do qa, how to do security. These are fundamental skill sets. Because otherwise what you're doing is you're just creating problems for other doctors. Imagine if you went to an ER because you were having appendicitis and your doctor in their exam just like broke your leg, right? Like that is a bizarre picture. But that happens all the time in tech, right? Someone comes in who doesn't know how to do this other part, and they just create problems in the other part. Someone else has to clean up. We're cleaning up our own messes most of the time.

And so I really think the future of development and talent development really has to be this idea of creating quote, unquote engineers, right, who have a broad understanding and then specialize or if they are specialized now, like, again, get out of your comfort zone, go learn the other skill sets, go understand those. It will improve what you do on a daily basis. You'll stop breaking legs when someone comes in with an appendix at the very least, right? And I think that's really the most important thing. And I think that when we say that there is not enough talent out there, right? I think the most dangerous thing is to say that, like, one of the things I hear all the time is like, oh, well, like, you know, I can train someone to do this job in like two months.

It's like if you could train someone to do the job in two months, that probably shouldn't be a job that's part of someone else's job, right? That's not a job. And so we have to kind of look at that and really Start thinking about what are we getting people to do, how are we utilizing talent and how are we growing and developing talent. And I think that's really like the biggest part of it is that we don't leave time to develop talent. We just are like go deliver, deliver, deliver. And it doesn't matter if everyone in the ER was walking out with broken leg, like we'll pay for the insurance for that or whatever, right? Like it's not a good approach. I don't know that exactly is where you thought I was going, but I.

Matt Pacheco
Think that's spot on. I actually had a follow up question because you're getting into my next question. What approaches have you at your organization and throughout your career taken to upskill existing talent team members? Because like you said, it would be ideal to have this engineer who can do all of these things. But how do you go about growing those skills? Because you know best. The cloud and security world are ever evolving. There's new things that we have to learn. So I'm curious about your approach.

Peter Van Iperen
I think one is actually educate and guardrail. I think a lot of people do one or the other or neither really well. So one guardrail actually allow people not to break things, give them safety zones to actually educate. And when I say educate, I mean educate, right? I know it sounds weird because you're busy in your work, but I'm telling you, two days of something that feels more like a college course that's hands on, where someone's actually learning how to do something and apply something is going to be way more valuable than the 25 semi compliance oriented videos you make them watch on some topic. Right? And I think that's really the biggest thing people also many people in our broadly across technology are self learners, right? That's, that's what brought them into technology, that's what makes them grow in technology.

Enforce that, give them outlets, give them pluralsight, give them udemy, give them some tool to go learn more. Right? Give them money to take outside courses and make them not just courses. This is something I've always done with my staff. It's like cool, you work on this in security. You want to go learn about disaster recovery that technically has nothing to do through day to day. Great go. Blessed God, you want to go take a python class? Great, go. Done. Right? Oh, you want to go take like an AWS class even though you do corporate infrastructure all day for us. Great go. Right. You need to broaden that and have that understanding and you need to encourage that as companies. One of the things I think that sometimes models this the best is going back to disaster recovery.

I gave a talk on basically the fundamentals of disaster recovery. And one of the things I cover really broadly is the fact that most often we don't infuse enough randomness. So we create some dictated event, we react to it, we pat ourselves on the back and we're like, oh, that's good. I'm like, that's not what happens in reality. When stuff goes, it goes to shit. Right? Like, that's what happens. Bad and weird things happen. So next time you do your disaster recovery tabletop, walk through whatever you're doing, roll the dice in the room, and if someone rolls an odd, they stay in the room. If someone rolls an even, they leave the room, figure it out. That's what's going to happen in a real disaster.

And if everyone in there is so overly specialized and the network's crashing and you have no one who can do the networking and you can't reach their backup, what do you do? You just shut down, right? And I think that people. It's funny working in consulting, like, there are stories I could tell you where I've walked into companies who hired us, and they were like, please help. And I'm like, what happened? And they're like, so, and so quit, like, okay. And they're like, and this thing is broken and no one knows how it was built, how to fix it, what to do with it, where it is, lives, you know? And I'm like, okay, well, aren't the rest of your people engineers? Yeah, I don't know what to do. Okay, let's recalibrate, right?

Like, you know, and so, yeah, I mean, and I've seen really straight. I, I, I had one person I worked with one time. They did not know how their code got out. So they came and started working at this organization. And at the previous job, it was so overly specialized and abstracted away that they committed their code to Git. And then they were like, okay, I'm done. And we're like, what are you talking about? It's got to go pipeline. It's got to be tested. And they're like, I don't know what you're talking about. That just how I committed to Git. And it shows up like three hours later. And we're like, what magic do you think is three hours? Is there like a fairy that runs around?

And so it's, you know, that is the danger of kind of not really leaning into that kind of broadening of talent. Does that make sense? Yeah.

 

52:18 - Future Outlook and AI’s Impact

Matt Pacheco
And that's great advice for anyone listening. I mean, that probably applies to so many different aspects of the cloud world and engineers and all that. So thank you for sharing that. I'm going to ask you one last question so we can. Because we're going to wrap up here. Future Outlook. What are you most excited about in your world? You talked a little bit about developments and security in platforms and AI, but what are you personally most excited about?

Peter Van Iperen
I am most excited about the fact that AI is going to force us to do one of two things. Either standardize the big data problems we've created so that it can work with machine learning, or the machine learning is going to abstract away our lack of standardization into something that is standardized, that gives us signal. And I mean that broadly, not just in security, but in cloud, in marketing, in legal, in the legal world, in finance. It is going to take away all of the noise and start to give us the essence of problems and allow us to actually do impactful work faster. It's going to allow us to build expertise faster. So I think everyone is concerned that like this is going to replace jobs. And again, I go back to. I think that your job is unfortunately part of a job.

It may, but if your job and you brought in your skills is finding solutions to problems, which is most jobs, I think that AI is going to enhance your ability to become expert, have expertise or become expert in solving problems faster. It's going to strip away all of the stuff that probably doesn't matter, which honestly most expertise is about being able to see a problem and know the 45 things not to try first and the two to try first. And I think AI is going to help enhance that for everyone. And I think that's literally the thing I'm most excited about because I think it's going to allow us to win in a bunch of places where we haven't been winning. So things like tech debt, things like ransomware, places like that, where we've been losing the battle.

And in cloud places like how do you create IAC in the cloud, there will be some standardization or some ability for it to standardize for you. Right. Write it in whatever language you want and it will just work or something like that. And that is, I think going to be phenomenal because it will cull a lot of the time suck that we all experience from these things and kind of push us into a place where if you work 40 hours in a week, maybe you even work less. You're having an impact for 35 of those 40 hours as opposed to 20 of those 40 hours and you're spending the other 20 hours banging your head or doing busy work or standardizing things or fingering through data to find a pattern to then investigate things like that.

Matt Pacheco
That's an exciting future and I hope it all works that way because it'll make us more efficient even outside of it. And I come from the marketing world so I can already see the optimizations there. So thank you for your insights on that and thank you for your insights in this entire episode. I feel like I learned so much from you and we appreciate having you on Peter.

Peter Van Iperen
It was my pleasure. I can't thank you enough. This is Conversation.

Matt Pacheco
Thank you. And for our listeners, thank you for tuning in. Check out our podcast on YouTube and anywhere you get your podcasts and we will see you soon. Thanks for listening.