Karissa Breen [00:00:16]:
Welcome to KB On the Go. This week, I’m on the ground at NetApp Insight 2024 Conference of the MGM Grand in the heart of Las Vegas. For this bonus series, we’ve been lucky enough to have lined up conversations with the selection of NetApp executives and other guests exploring the future of data and AI. Stay tuned for the insight track from some of the world’s leading authorities presenting at insight 2024 as KBI Media brings you all of the highlights. Joining me now in person is Kristin Van Derami, vice president global government relations at NetApp. And today, we’re discussing the importance of government relations and public affairs. So, Kristin, thanks for joining and welcome. My pleasure.

Karissa Breen [00:00:58]:
Thanks for having me. So, Kristen, I’m aware that you represent NetApp in front of congress and executive branch agencies, as well as government bodies around the world, etcetera. You were just talking to me about before we jumped on to record, to support NetApp’s policy and position. So talk us through what is all of that look like? It may may make a little bit more sense to your role. Sure. So my job is to represent NetApp in front of governments around the world.

Kristen Verderame [00:01:24]:
In some cases, that’s supporting corporate policy. We have corporate values that we actually do live by, which is very refreshing. And so there are a lot of, programs that we support around the world, including on diversity, where governments design specific programs. We participate. We provide advice and guidance. So we do a lot of participation with the governments to support things at the corporate level. In addition, I work a lot with our public sector teams around the world to support and build their long term pipelines. So in a lot of cases where NetApp sales field people work with the technology folks within government agencies, I come in at a bit higher level to talk about the larger government programs, the larger government missions, and how we can support at the strategic level in addition to simply the tech world, if that makes sense.

Kristen Verderame [00:02:19]:
So for example, an AI a company has an AI strategy. Build out AI across their government, digitalize their government. We’ve done that with governments around the world. Sure. So we offer our advice and, support for figuring out how to do it right in the first place. We know we’re not we’re not worried about getting business out of it then. We know we’re gonna compete and do fine when they eventually do what they’re gonna do because we’re in the mix. It’s sharing that global expertise and that deep experience with digitalization and kind of that tech infrastructure.

Karissa Breen [00:02:50]:
You spoke before about logic government missions. Mhmm. What is your version of a logic government mission? So I’ll give

Kristen Verderame [00:02:59]:
you an example where we have a really good sweet spot with a government mission. So, for me, I think of NetApp’s sweet spot as being what I call the magic five. Any situation where an agency has to use a lot of data in their mission, where it needs to be shared across traditional stovepipes that exist, where it needs to be done really quickly and securely. And typically, governments don’t wanna rip out all their kit. They wanna be able to get something that’s in interoperable. So in those types of missions, that’s really where NetApp can really shine. One of those, to answer your question, is Space Force. Okay.

Kristen Verderame [00:03:35]:
The US Public Sector Organization, we support, the new service, if you will, called Space Force, stood up under the Trump administration. So Space Force collects a ton of data through satellites all around the world. Some of it’s surveillance data, where we’re watching what’s happening around the world, feeding it into our intelligence community and our defense mission. Some of it is is simply tracking things in space so that we don’t run into it and ruin our equipment. It has tracking tons of data, not just data within the Space Force and the Department of Defense itself, but also uniquely to Space Force, the commercial industry. Mhmm. The government gets a lot of data from commercial industry SpaceX and those types of organizations now. So they the traditional stovepipes are not just within the government, but also without in that instance.

Kristen Verderame [00:04:19]:
If you’re gonna track garbage that’s floating around space, it has to be done real time so you prevent that real time collision. If you’re gonna be helping a service member who’s in the field with medical help, that’s needs to be mission critical, time sensitive. It’s also personal information for so national security reasons, personal information for medical security or medical situations. All of it has to be done quickly, securely, and real time, and that’s our sweet spot. So that would be a government mission that we would support. And in terms of how do

Karissa Breen [00:04:50]:
you interact with, you know, the government under the relation side of it? Like, what does that actually look like?

Kristen Verderame [00:04:57]:
Well, it depends. If we’re supporting a mission, for example, I’ll use the VA as another example, the veterans administration. 12% of NetApp’s employee population is veterans. So it’s an area that we actually personally care very much about. We work with all different parts of the agency on their suicide prevention mission. Okay? It’s an AI based mission. The more data they collect, the more accurate they’re gonna be and the more former service members they can help. Again, it has to be done real time.

Kristen Verderame [00:05:27]:
Pretty darn important to save people’s lives. It’s across a lot of stove pipes. So my job is to figure out, okay, who within the VA is in charge of different parts of that mission, and then helping the company develop relationships at that level and supporting them to whatever degree we can. Whether it’s from a technological standpoint, a strategic standpoint, or even mission based through our our veteran internal veteran community.

Karissa Breen [00:05:52]:
And when you say develop relationships at that level Mhmm. What what does that look like in terms of specifics or day to day sort of outcomes? So working through the network that we’ve established from our government relations world, getting in

Kristen Verderame [00:06:05]:
to meet with the government official in charge of the program. Okay. Volunteering our services to help them with strategic, planning, and then following on with their staff or whoever’s doing that to have those conversations. So starting out usually at the mission level saying, hey. We have that expertise that can help you do your mission better. And then working with them to whatever degree they want over time builds those relationships. And then for the next project, the next mission they have, they know who we are. They know they can turn to us as a trusted partner.

Karissa Breen [00:06:33]:
So with that in mind, Kristen, how does that type of work shape NetApp? But then if you wanna zoom out like our society, for example.

Kristen Verderame [00:06:41]:
Well, veteran suicide. Right? And we have a lot of veterans in this world that are coming struggling with a lot of problems. Finding and identifying that they need help as early as possible is a mission that we gladly support. As I said, 12% of our employee population is veterans. So it’s an area that’s really important to us in general.

Karissa Breen [00:07:00]:
Okay. I wanna flip over now to you being quite instrumental in building up the the c cell or secure by design pledge 1. So maybe tell us more about this. Sure. So about a year, I’m going to guess two and

Kristen Verderame [00:07:15]:
a half years ago now, Director Easterly, who she’s the director of the cybersecurity and infrastructure security agency or CISA sits within the department of Homeland Security, came up with a framework called Secure by Design. And the point of this was to encourage manufacturers of products to ensure that their products were secure upon manufacturer before they’re given to the end user. As opposed to spending the money in development on bells and whistles and extra fun things for tech, and having the end user have to worry about security. So it kind of flips the mindset Mhmm. Putting the responsibility on the creators of tech as opposed to the end users. So that program has been built out probably over the last two and a half years as I said. Working with industry, I chair the industry advisory group at CISA called the IT sector coordinating council. And we work with CISA to figure out, okay, where’s the government mission? What do they wanna achieve in this? And what can we as a tech community actually do? Whether it’s for technological reasons, balancing our own financial resources and investment, lining it up to find that win win.

Kristen Verderame [00:08:23]:
So that in the end, we all want the country to be safer. We all want government and critical infrastructure to be better and safer as you and I have talked about before. We have to work together to get there. If the government just says, go do these things and we really can’t, then nobody gets anywhere. But if we work together to figure out how we actually can achieve those goals, then that’s what we do. So that was the program Secure by Design that was stood up. Earlier last year or earlier this year, CISA came to us, the industry advisor group, and asked us to work on a pledge the industry could sign where they commit to these principles in kind of 7 specifics goals, cybersecurity areas. We worked with them to craft the language so that the industry could sign up to it.

Kristen Verderame [00:09:04]:
The earlier drafts, no one would have signed up for it, but we made it in the language that we could live with from a legal standpoint, right, as you’re putting yourself out there with other industry players and the public, and also the tech, the seven goals to make sure we were on board with those of the right goals. We did. We aligned it. And at RSA last May, we signed on as did about 85 other companies. Now it’s up to over 200 signatories for the secure by design pledge.

Karissa Breen [00:09:30]:
So when you said before, language that companies can understand, do you mean in terms of removing a lot of that legal jargon that when you’re signing up to, like, t’s and c’s on, like, a social media platform being labeled as a lot of, quite convoluted in how it’s written?

Kristen Verderame [00:09:45]:
Sort of, it’s same idea, right? Our lawyers don’t want us to sign up to something that can get us into trouble later. Right. So the original language of the pledge was we will for sure go do

Karissa Breen [00:09:54]:
all of these things. Right.

Kristen Verderame [00:09:56]:
If we as a company or any company comes out and says that to the public and then something should happen down the road Mhmm. We can get in trouble with the SEC, the FTC, customers can sue us. So we really didn’t wanna have any kind of firm commitment like that. That would not be appropriate. So the language we agreed on was that we would work we would in good faith work toward these goals, which means good faith means you have to actually have a plan. You have to do something. But some of these goals are ones that we can never necessarily ever cross off our list. One of them is eliminating entire classes of vulnerabilities, which I know you know all about.

Kristen Verderame [00:10:31]:
Okay. Insider threat, phishing. Sure. We’re never gonna be able to get rid of all of those things. That’s not gonna happen. But as long as we have a plan to mitigate them to the best we can, that’s what CISA was looking for and that’s what we could sign up for. So finding that language where it actually meets what we can actually do Mhmm. And what we’re okay from a legal standpoint signing up to publicly.

Karissa Breen [00:10:52]:
So going back to your earlier point around companies perhaps focusing too much on the bells and whistles Mhmm. Going back to secure by design, why do you think companies are so

Kristen Verderame [00:11:01]:
focused on bells and whistles? Because they wanna sell stuff. And that’s what customers look for, is bells and whistles. They don’t actually sit there and say, is this secure enough? Can you buy

Karissa Breen [00:11:10]:
your excuse me, question there.

Kristen Verderame [00:11:11]:
I think they’re starting to. But when you buy your laptop is the first thing you do look for, oh, what security protections are on this laptop? No. You probably say, well, what the version of the software I’m getting. Right? What’s the level of the operating system? You’re not checking the security stuff. You’re buying it for what we call the bells and whistles. Mhmm. But we’re trying to flip that so that even if you buy something because of bells and whistles, it’s gonna be secure anyway. That’s the goal.

Karissa Breen [00:11:36]:
Well, example, I’m thinking when you’re speaking at the top of my mind is, like, a modem, wireless modem. So it’s like, they all get manufactured. And then, of course, you know, telcos, they’re not, like, regulated to be like, hey. We need to buy the most secure manufacturing device. Right. And then when you have to, you know, manually change the settings in terms of the, SSID, that’s a manual configuration.

Kristen Verderame [00:12:00]:
And there’s the password. Right?

Karissa Breen [00:12:01]:
They put a default password after. Correct. And you really need to change that. Cybercriminals already know in terms of the syntax. Right? Yeah. So is that gonna if I just focus on telcosmab for a moment, is that gonna start changing?

Kristen Verderame [00:12:14]:
Well, it’s interesting you say that because now that we’ve done a secure by design pledge for software manufacturers It doesn’t. We are now working on a secure by design pledge for OT, IoT devices. Right. So same idea. So when you get that modem, is it gonna automatically force you to switch the password? It should. Right? Those types of things that by default make it more secure Right. Before you even start using it. Because when

Karissa Breen [00:12:36]:
I start to talk to people about that, they’re like, what? They’ve even heard of that. Yeah. So if we start to embed that from even that manufacturing level, we could resolve a lot more problems. 100%. But then the problem is, Kristen, that’s not as profitable for companies. Because just arbitrary, it costs $5 to to make the un you know, unsecure modem, but then it’s gonna charge an extra $10 on top of that to have a more secure modem. Companies aren’t gonna like that. So how do you think the pushback gonna go?

Kristen Verderame [00:13:04]:
I think it depends on the company, and I think depends on their overall sales platforms. So I’ve always said security should be a market differentiator. Right. It’s something that really matters. Mhmm. Does it matter that your refrigerator is super smart and secure? Maybe not. But if you’re serving government or critical infrastructure, those are missions that actually require security. Mhmm.

Kristen Verderame [00:13:26]:
So it’s in fact, CISA’s hope that we will advertise that we signed on to this pledge and we’re doing these things to get our customers to buy our products. They think that actually will matter. And I think in some instances it does. Mhmm. I’m really happy to say that NetApp has a fantastic security portfolio. I’m very comfortable chairing the ITSC and representing security, because we really put our money where our mouth is. On Tap, our main flagship product has so many security bells and whistles to use our term again, already built in, already turned on for customers that we’re already so far down the road from where a lot of other companies are. So it makes me very happy and comfortable to be able to talk about things.

Kristen Verderame [00:14:09]:
Like, yes, it should be built in because we have already built it in. Sure. But it depends on the company. Right? What is their own cost benefit analysis? What do they wanna be known for with customers and that sort of thing?

Kristen Verderame [00:14:19]:
So just to extend on this a little bit more, so I’m away with, you know, the the secure wide design pledge 1 is aligning with the White House National Cybersecurity Strategy. Mhmm. So how do you see this evolving now over time? Well, what CISA has tried

Kristen Verderame [00:14:34]:
to do is put a little bit more meat behind the pledge, meaning, okay, you’ve got these 7 very generic goals. What do you mean by that? So getting rid of entire classes of vulnerabilities, what do you actually know? What are the classes of vulnerabilities? What are they? What are the best practices out there that maybe bigger companies can share with the smaller ones who signed up for the pledge? And then looking at the rest of the ecosystem. Right? We started with software, moving on to IoT. What about the supply chain? Right? There’s a lot of work the government has done to require a secure supply chain in order to sell to the US government. That is gonna make its way into commercial requirements as well. So it just has becomes more additive and more additive and additive as they put more meat to expand what are those seven principles mean.

Karissa Breen [00:15:25]:
Joining me now in person is Michelle Rudnicki, president US Public Sector at NetApp. And today, we’re discussing leadership in the US Public Sector. So, Michelle, thanks for joining and welcome.

Michelle Rudnicki [00:15:35]:
Thank you for having me.

Karissa Breen [00:15:36]:
Okay. So, Michelle, can you share a little bit more about leadership in the US public sector? I know you’ve got quite a strong background in this space. So perhaps tell us a little bit more about your role now at NetApp.

Michelle Rudnicki [00:15:48]:
Okay. So so my role at NetApp is quite interesting. Right? Because, at NetApp, first of all, we are involved with data. Right? That is really the foundation of what we do. And I have worked with public sector customers largely on the federal side, but across our state and local governments, health care as well. And so working with those types of customers, data’s of the utmost important to them. Right? It is everything that they need to support the missions, whether those missions are supporting, social services to get, you know, citizens what they need, or something supporting a DOD mission or a police mission or or something like that. So it’s really interesting being at NetApp, being able to work with this segment of customers.

Michelle Rudnicki [00:16:33]:
And from our customer standpoint, what I love about public sector or working with public sector customers is they are 100% about their mission. Right? So different than people who work for companies where it’s like, okay. Ultimately, we’re all trying to make a profit or things like that. Are the leaders in public sector looking to do something to make a difference in people’s lives? So it’s very rewarding from that standpoint, and it’s very it’s a little bit different in terms of the leadership that you work with on on the customer side.

Karissa Breen [00:17:00]:
And on that note, Michelle, would you say people who are driven by mission as you just described, you think it gives people that that bigger purpose perhaps on knowing that you’re on a mission, this is what we’re doing. And you can sort of start to see that impact perhaps even if it doesn’t feel like that immediate impact, but you’re starting to sort of move towards that greater impact. How you have you noticed that then working in the public sector?

Michelle Rudnicki [00:17:20]:
So I think, you know, what what you find is a lot of people are public sector for their, you know, whether you’re in sales or or services, you tend to support public sector customers because that because you almost take on the mission of your customer as opposed to, you know, people who do a career working with commercial companies. Right? And every industry has its unique characteristics, but it really is for public sector people stay in it because of the mission. Right.

Karissa Breen [00:17:46]:
And just focusing now on you as an individual and on the mission, what what drives you then on on that front? Or what has historically driven you in what with in terms of what you bring into this role

Michelle Rudnicki [00:17:56]:
at NetApp? So what’s driven me is working with our customers, they really are all about them their mission and making a difference in people’s lives, whether it’s to develop the latest and greatest in technologies and get that infused going across everywhere, or what they have to do for cybersecurity. So if you look at an organization in the US government like CISA, right, you know, their mission is to improve the cybersecurity portfolio of the nation. Not just the government, but of the nation in working with companies to make sure that the concepts and that there’s a framework there available for companies to participate in. So being able to park be a participant in some of those kinds of initiatives is is really what does drive me and what’s made me stay with public sector for this long.

Karissa Breen [00:18:45]:
And in terms of how do you navigate all of that in terms of like managing leadership, like, with within NetApp, but then also driving that into the US public sector? What would be your sort of strategy

Michelle Rudnicki [00:18:56]:
to that? When I when I look at, you know, what I do and and we all look at our calendars, right, and you say, okay. How much time do I spend on different things? I think for for me, I look at the industry. Right? And it’s matter of participating in some of the industry organizations that that are helping, our public sector customers to move forward or or doing a relationship building between technology companies and the government, as well as what I have to do in order to run our business on a day to day basis. Right? Driving sales teams, making sure that we’re supporting customers, we’ve got the right set of customer success managers, and the like. So it allows me to do a a a variety of different things, but also do it in conjunction with our with our public sector customers.

Karissa Breen [00:19:41]:
Okay. So I wanna sort of switch gears now a little bit and talk more about distributed and diverse data. So perhaps let me frame it as as public sector agencies manage increasing amounts of distributed and and diverse data or data as you would say. So what role does sort of NetApp’s intelligent data infrastructure play then, in terms of enhancing the data security? You’ve sort of touched on that slightly. Yep. But then also the the governance side of things.

Michelle Rudnicki [00:20:06]:
Yeah. So, you know, as technology has evolved, as the technology landscape has evolved, like, so have our so have our government clients, and and NetApp has been a partner with the government for over 30 years now. And so we worked with agencies to help them to implement the infrastructures that they need to traditionally support customers that, you know, that being on prem. As their landscapes have evolved, we’ve helped them to move into, like, hybrid but cloud environments. Right? Because we know the government, like all customers, have initiatives to move to cloud. So our intelligent data infrastructure really helps them to build out so that they can they can aggregate their data, whether they’re doing it on prem on prem in a couple of different places in the cloud or wherever they need to. Right? And so where it’s really starting to help them is they need to take, the government has a lot of information, right? And so if any of you have ever gone, right, and you go and you fill out a form with 1 department. It’s like, okay, I just went to the motor vehicles department and I fill out all this information and yet, okay, now I want a permit and now I I go to the next department, I fill out all the same.

Michelle Rudnicki [00:21:15]:
So being able to aggregate that and be able to take advantage of the data that they have in different systems to be able to serve citizens better is is where you see them kind of moving and migrating.

Karissa Breen [00:21:26]:
That leads me to my next question around migrating to the cloud. So I saw George Curran, CEO of NetApp speak earlier as well as your chief product officer. So perhaps I wanna sort of follow this talk track a little bit more around many public sector organizations in the process of migrating to the cloud. However, we wanna balance that with security requirements. So how does NetApp, in your view, support these agencies in making that sort of transition happen?

Michelle Rudnicki [00:21:54]:
Yeah. And so I’ll again go to the foundations. Right? We’ve worked to ensure that we’ve got the most secure products in our on prem environment. So we’ve done testing and certification testing around ISO standards, DOD standards around common criteria. In fact, we are the only storage vendor to have our the NSA certification for commercial products, commercial solutions, for secure programs. And so it’s CSFC is the, short name of it. And so that certification was done so that anybody, whether it’s a a private customer or anybody in the government knows this data and the systems have been tested to support top secret information. So it’s got a set of criteria that’s already met.

Michelle Rudnicki [00:22:40]:
So now as they’re taking that, we carry a lot of those characteristics and, certifications along with us. But as you move into cloud, we need to get additional certifications. And we’ve done that through the work and the partnerships that we have with hyperscalers. So if you look at some of the certifications that they need for cloud and and the federal government, it’s things like bed ramp, which the civilian agencies use, and impact level certifications that DOD uses. So Microsoft and Azure and, Google, they all get those certifications, and our products that are their first party products get those certifications along with it. So now the government can take advantage of the on prem security that they have and connect to secure clouds that are made for their purposes.

Karissa Breen [00:23:24]:
Do you think as well, like, in terms of the enemies that I conduct with cloud, people are becoming more accustomed. My cloud’s been around for a while, but there’s still some people that perhaps, like, hesitant about it. Are you seeing that from a government perspective? Or do you think now it’s becoming a little bit more ubiquitous and make more normal?

Michelle Rudnicki [00:23:40]:
So I and both. Because it really depends on what their applications are and what their missions are. Right? There are a lot of organizations where look, some of them some of the government agencies use commercial cloud because the the level of of the data, the sensitivity that the data that they have is, hey. We look at it. Clouds are centralized. They can keep up with the patching much greater than we can, so let’s go into it. Let’s go into a cloud. At the same time, you have some missions that look at and say, okay.

Michelle Rudnicki [00:24:10]:
We wanna be able to ring fence it, or they’ve got different secure networks that they need to exist on. Right? They can’t exist on the Internet. So having private data or private clouds is what they need to. So it really has to do with what their mission is and what they need in order to accomplish that.

Karissa Breen [00:24:26]:
And you mentioned before, Nishan, Ted, that the NSA certification, perhaps for people who are not familiar exactly what that is. Can you explain that a little bit more?

Michelle Rudnicki [00:24:33]:
Yep. So one of the the missions that NSA took on was trying to build a set of products, right, or test a set of products that anybody, like I said, whether it’s a commercial customer or whether it’s another government agency. What they run is a testing program. So they run it through products through a very thorough set of tests where they test a whole bunch of different criteria at the level and the pass fail. Right? If they that they’re using is to ensure that the products can maintain the security profile for top secret data. They go through and it was, I I don’t remember exactly how long it took us, but it was it was probably more than a year to get through the initial certification. And, you know, now as we add new products in, some some of the parameters we can carry forward, but we keep adding to what we have sent through their testing process. Right? So once you’ve been through that, it’s like we know that it can that it it has all the the criteria that we need for top secret data, which probably should be pretty good for most people.

Karissa Breen [00:25:41]:
And on that note, do you say in terms of top secret data giving customers assurance as well? Because obviously people now with sensitive information, especially around government information more specifically, people now really looking for that extra layer of assurance.

Michelle Rudnicki [00:25:57]:
Yeah. Well, and I will say. Yeah. I think they are. And especially so our government customers, they’re used to having, you know, requirements that they have to meet and they have to hit this standard whether it’s an ISO standard or a FIP standard or. But, when we first announced this, the calls that I got were all from commercial customers. Some banks and some other regulated industries and where it was, you know, our team and their customers were like, hey, Tell me a little more about this. Right? Because we have needs to protect our data.

Michelle Rudnicki [00:26:29]:
So I think the program, NSA’s program, is kinda doing what they had intended it to do was was build a framework that could be used by them, but also by other customers as well.

Karissa Breen [00:26:40]:
And just to sort of conclude our interview now, Michelle, I think the operative word that you’ve used today is definitely mission. So I want to maybe round it off with from your perspective of your experience, what do you sort of think leadership qualities, you know, essential in driving innovation and success in complex sort of mission environments with what you do today with NetApp and then also your background in the private sector as well?

Michelle Rudnicki [00:27:05]:
Yeah. So I think with obviously, leadership characteristics transcend industries in a lot of ways, but sometimes you need a little more of of something than other. And with public sector, I think it’s an environment where you have a lot of different organizations. Right? We have elected officials. You’ve got everybody’s got an opinion or a voice. Right? The money comes from taxpayers, so everybody feels like they’ve got a vested interest in the decisions that get made. So I think you need to be highly collaborative and you highly transparent are a couple of the things. And then I think you need a lot of grit.

Michelle Rudnicki [00:27:40]:
Because there is a lot of scrutiny and and it takes a lot to to get through the network that I think exists in public sector, maybe a little bit different than in some other, businesses, if you will.

Karissa Breen [00:27:52]:
And what does grit mean to you?

Michelle Rudnicki [00:27:53]:
Grit means that don’t give up. Right? You gotta you’ve gotta keep going because there’s gonna be a lot of obstacles that you’re gonna have to overcome. So you’re gonna have to knock them down and then a new one might arise and and just, you know, sticking with it until you get to get to the objective.

Karissa Breen [00:28:14]:
And there you have it. This is KB on the go. Stay tuned for more.