Security Innovation in the Age of AI with Tom Gillis

Welcome to Cisco Tech Meet, the podcast that explores the people and stories behind what inspires the newest innovation. I'm your host, Abe, and I'm thrilled to welcome our very own Tom Gillis, who is our SVP and GM of Infrastructure and Security Group at Cisco. Tom, welcome to this is Contact me. Thanks, Abe. Good to see you. Likewise. So I've heard you describe AI as a tidal wave that's pretty much impacting every industry. What's Cisco's role in that? How are we evolving to handle this? This big change here? Yeah, I think it's impossible to overstate the impact that AI is having on basic business processes and the way we work. And kind of the way I describe it is, with the release of ChatGPT 5. 2, I'm now convinced that ChatGPT is both smarter and funnier than most of my friends. Right. So, like, you know, and maybe the bar is kind of low there, I don't know, but, you know, like, all due respect to my friends, but clearly transformative. Right. And so, so what's interesting about AI systems is that the computers that run these AI applications are going to look nothing like the computers that run a Kubernetes or VM based application. They're massively parallel. And it's if you're like a computer science nerd like I am, it's the thing we've been chasing after for kind of a couple decades is what we call composable systems. So we're gonna have this big giant grid of computing elements, a big giant grid, a memory, a big giant grid of storage elements. And then you put them together to make a computer has the right shape to do the job that you need done. Right. The network becomes the substrate that you compose these systems on. So in many ways, the Ethernet network, hopefully the Cisco network plays the role that the PCI bus used to play in a server. It's the thing that stitches together the various components the storage, the memory, the compute and turns it into, you know, an overall coherent system. And in the case of it, you know, AI infrastructure, these are massively parallel, incredibly powerful systems. So the network is super duper fast and very, very performance sensitive. right. Okay. And now of course with AI we have a huge security component that goes along with all this. So how is Cisco sort of evolving in terms of how we approach security within this new AI era? Yeah. And again, the the shift that we have happening with these AI applications is fundamentally transforming the language of security, kind of a primitives that we use for security. So in a world without an application is a very predictable thing. You click on a link, it's going to do a bunch of things. You know exactly what they are right now. What you do is a model one to that. And the application has resub right. And so which means it's non-deterministic you can ask you the same question twice. So we'll do a two slightly different answer. to put security guardrails around a non-deterministic asset is a much harder problem that we had in the model trajectory of deterministic. Right. So something like a firewall needs to dramatically change. Right. And we would need to be able to look at the back and forth between either a user and a prompt, or more and more between an agent and an application. Right. Using MCP, we need to be able to look at that interaction and apply our own reasoning to say, does this look right? Right. Okay. So let me give you a real example. Perfect is when a model learn something, it never forgets. That's one thing our, listeners did understand is that when your data goes in, the model key kind of gets absorbed in there and you can't go back and delete it. That's right out of the database. Right. So when a model learned something, that data is gone and it's out in the in it in bigger. So you want to be really careful about what data is exposed to the model. Now you can tell the model you look I'm going to give you Tom's back account. Right. But you tell it explicitly. Do not reveal Tom's bank account number. The model will say, okay, good. I'm not going to reveal his bank account. But if you remember the game when we were kids, 20 Yeah, absolutely. You got a secret, you got 20 questions. You ask. Right? So you can almost always get the secret away. Less than two questions, right? That's what happens in AI applications in that I could ask the application. Hey, what's Tom's bank account number? The application will say, oh, I'm not to tell you that I can't give it to you. Like, okay, no problem. That's a different question. Is Tom an employee of Cisco? Yes. He is. Is he on direct deposit? Yes. Is there a number associated with his direct deposit? Of course there is. Here's a number. Right, right. So. So static rules cancel. Did you. Any questions? Problem. But as Cisco we've been investing in these specific security models that we manifest. Right. Because I defense. Right. That allows our infrastructure to be able to interpret and understand AI. So we're putting oh AI awareness into our network security, which is a really, really I think a big step forward. Absolutely. And I know you mentioned, you know, things are so much more unpredictable now. And of course, if you look back when you were looking ahead at what I would do, you probably thought, okay, this is going to be a pretty quick rolling train. Is it even crazier than you could have imagined?

Yes, because of the immediate impact the business value that these AI apps have, right? Just think about like the way we all work every single day. If you me personally, I used the chat bots. Castle. Yeah. You know, it's like this. Okay, well, I was sort of joking about this thing. Smarter than most my friends, but it is, you know, like, so I. I turned to him for technical advice and ask him questions and more and more, using agents to perform routine tasks. Right. And so the business value is so high that we see customers rapidly adopting this much, much faster than previous technological evolutions, like the movement from VM based systems to cloud based containerized systems. Right. That's what a decade this is going to take. You know, months not years. Yeah. Right. For this transition to AI and and so change is being thrust upon us. Absolutely. And you mentioned customers which we know we're always mostly interested in their user experience and catering to them. Are there a particular demands that you're seeing that are kind of shaping how we, you know, formulate our innovative security measures in terms of AI or just this in general with all these new things happening. Yeah. So there's two things. The first is that basic question about like, where did my data just go and how do I protect it. Right. And so I defense is designed to specifically answer that, that question. The next big wave that we see coming in the security zone is, is the with the adoption of agents in the workplace, we need to think differently about access to. And let me describe the problem. So for decades, we've had very clear capabilities that follow the zero trust model around least privileged access. Right? Salespeople. You get to sales applications and IT people can get to IT applications with sales doesn't go right to that's the least privilege. Part is Cisco Secure Access. But also our competitors, Zscaler, Palo Alto. They all have varying levels of capabilities around this that I was just as mature right now. The other end of the spectrum, you have machine access, so B printer can access the print manager and nothing else. And this is something Cisco does particularly well because the printer is not going to log in and you just authenticate into a box. Right, right. So we use a network and our identity services engines to identify is a printer. We put a tag on that. And then wherever that packet goes we know is a recipe. It's very narrow very rigid axons. Now all of a sudden you have AI agents and an AI agent oftentimes has a human credential. So human credentials are very long lasting. And it's a pretty broad. Yeah. Right. If you're a sales person who gets a sales applications that could be 100 applications. So you have these agents that have the broad access of a human. But the common sense of a printer, it creates an enormous security pot I can imagine. Right. Yeah. Like so like real world example. I want to use an agent to process my expense reports at Cisco. Right, right. I have no like so expense reports. It's cumbersome. It's a pain. So this agent needs to be able to access our travel system, which is Cooper. But, my calendar, my photo, roll to look at receipts and then process transactions on my card. Right. I want the agents to access my credit card. I do not want the agent to buy a fortune Right? now. No, not right now anyway. Yeah, but. So we need to put almost common sense guardrails around that. But you, you can't hard code that. Because if I tell the agent, hey, don't let the agent buy a poor seed, you'll be like, oh, okay, cool. I'll buy a Ferrari. Exactly right. But worse. Yeah. So we need that same AI based reasoning to supervise the AI applications. So AI protecting AI, you know. Well, that's the world we're living in. It's really the only conjugal solution. Right. And so we're working to put those capabilities into our platform, which is a Cisco secure access user to application interactions. And then with the hybrid mesh firewall, firewall we can intercept application or agent application traffic. So that's awesome. So bold new worlds. But these are dramatic shifts in how we do security. Right. And as you mentioned you kind of have to go with the flow. You can't just ignore that because you'll be left behind. That's happening with the with us. Yeah. Right. Yeah. So you know, we need to get in front of this and help our customers control. Absolutely. Love it. I've heard you mentioned something about the platform effect and its impact on customers. Can you just tell us what that is and why it's important? Yeah, it's incredibly prevalent in the market. And with this AI transition, the platform, philosophy becomes more and coordinated. And it was even in just, just a few months ago. So the idea behind platform is that a platform is not a bunch of products that you buy from one salesperson. Okay, right. That's what some vendors talk about, right? It platform is a system of systems. These things work together. And let me be very specific. What a platform should do. This is why I talk about AI defense.

Right. We just put it on AI awareness into our network security AI defense and we're making it a feature on our hybrid mesh firewall. We're taking that hybrid mesh firewall, and we're making that a feature in our switches and our routers. Right. With smart switches, we're taking that intelligent network fabric, and we're bringing it right into the GPU complex so that we could do that GPU to GPU communication as a platform. Right? Right. So these are individual systems that are designed to work together. But here's the best part of it is we're designing this in a way that we can extract telemetry from the inner workings of these AI based applications, and provide that summitry to Splunk without driving a gigantic ingest. You got it. Right. So spatter comes this platform that allows us to look at and understand and observe these applications in fine grained detail. And because we're thinking about this from the beginning platform, in fact, that Cisco, I think, you know, is very, very interesting to customers. would it be correct to call it somewhat of an ecosystem as well, or is it not so much the same? Right. Question. Because it becomes, you know, in a platform based world, there may be some customers that choose some systems that are through Cisco. I don't know why they would that I don't. So this misguided, customer. So we have to make this bathroom open and extensive. So it's going to work with heterogeneous infrastructure because we're Cisco. Most environments we're in have other vendor products in there. We interoperate. And that's the ecosystem part of it. Right. But very much a true platform is when the whole is greater than the sum of parts. Okay, that makes sense. And then seems like that would be an advantage to have that be that way. Leave a significant. Yeah. I know we talked about sort of what's happening with AI and what we're doing at Cisco, and maybe there isn't anything yet. But as you think about the future, other innovations that you think either are going to happen or you would love to see happen that are just going to change the way we do things even further. Yeah, I think the next three years. So, so in hardware terms, think two major design cycles. There's going to be a whole bunch of innovations. So what's happening? The AI infrastructure is this stuff is running so fast. Yeah, that we're starting to reach a point where we can't move electrons over copper wire faceoff. So we're going to need to go directly from silicon topics. And this is while Cisco remember the platform in fact. Yeah it's about yeah. So we believe that you know somewhere like right now we're shipping 800 gigabits per second before we just announced 1. 6, terabytes percent sport. Right behind that would be three Paju terabytes per second report. Somewhere in that transition, we're going to have to go directly to optical. And so that's going to again drive a need for more integrated solutions. The other big thing that we're challenged with is these systems are so powerful and so power hungry that delivering the power to them and then cooling them is a real challenge. And so we're going to start moving in a world where liquid cooling as a requirement, I think, live a cooling and integrated optics, this kind of drive rack based system. So our customers are not going to build data centers out of boxes, they're going to consume it by the rack. And this is, I think, a big opportunity for Cisco. And in fact, it's my big focus area. Running product development. It's you're building an integrated solution that includes the network, the network services to compute the storage, the security, the load balancing, all of that software defined, composable, liquid cooled. Yeah. Optically and connected, delivered by the rack. It's easier for the customer to consume. Right. There's a ton of innovation that has to happen between where we are now and what in the world I just described. Right. That is a path that we're on. That's interesting. And so just to be clear, when you say buy the rack, you're talking about a system that literally includes all of those components within one framework or. Right, exactly right. And so we may be incorporating storage from a third party into, you know, some security technologies from outside vendors. But we integrate that all into a send the solution to the customer, embedding bias into skew. Right. You click here and boom, here's a rack. Yeah it's amazing here I know right. But because that's what customers want of course. Yeah. What company do you think defines themselves by saying we're really good at building data science. That's not their core business. Yeah. Business is the software. The power is there. Absolutely. And the data center is the engine that drives that software. So we make it easy for these customers to have the latest and greatest engines to power the apps that are going to drive their business right, which really aligns to our goal of simplifying the experience for the customer. Yes. So and be you know, who we talk about being I infrastructure company. The network I will argue is the hardest part all this. So that's what gives us, you know, I would say permission to play or maybe even an unfair advantage as we stitch this together. Right. On behalf of our customers. Got it. And hardest part, because of the amount of data that just needs to be transferred back and forth to just that, that amount, if the network becomes the back claim that you're using to define to create a computer and it's a coherent system

which means each the individual cross the selling, those processing elements are working in lockstep. Right? Then you know, that network department is very, very boring. And that's an interesting if you look at like a network like those have more gates than achieve. Oh really. Okay, okay. I think some larger. And because I always like saying in simple terms that GPUs are in the fast, it has to be faster. Right. Like you got feed that you. Right. So yeah. So typically network thing is as being the model that yeah most this AI based applications and we can address that. But that's amazing. If only there were a company that were known for its networking. Yeah. Oh wait that's awesome right. All right. Let's go. I gotta say, I love how you describe and define, you know, these topics which are not always easy. I wanted to ask you, have you ever thought professionally or even thought of it? Yeah. Yes, I have, so I, I teach a bunch of classes at Lehigh University and, like, oh, you could ask you, why do you do that? Then I don't get paid for doing it. I just enjoy doing it. It's fun. And what I really like is I see these kids coming up and. And if, you know, I can help by even a small part in getting them to think about technology and Silicon Valley, or that's a huge man. And a bunch of those kids are working at Cisco, and there are some of our most productive product development people. I love that. Yeah. No, I really enjoy that. That that's I'm that's so cool. And, you know, I come from a long line of teachers And of course, most teachers will tell you that they learn more from their students. Do you find, that to be the case in terms of, like, your teaching experience and how you bring that to work? Absolutely. It's first off, I just really encouraging and uplifting in there's just a lot of positivity around, you know, imagining what what's possible. Right. But also, you know, the thing I've learned is, is the talked about innovation and the imperative for innovation. Where do good ideas come from? They come from everywhere. Right? So the more diverse a we can be, the more perspectives that we can embrace, the better our thinking. And the, university environment really kind of unlocks back creative thinking about. Absolutely. Speaking of creative and, you know, we we've sort of stepped away now talking about teaching. Let's step even further away from work for a second, although I think it's going to bring it right back around. Because you have a really interesting, family history where your, your mom was a concert pianist, dad, an engineer, which are two different but very cool professions. How did that or did that, impact your decision to get into tech and then. how did that get you where you are now? Yeah, sure. So my mom played the Boston Symphony and my dad was an engineer at, Brickyard. And so it it's a it's true. Those are like, in some ways I used to say mom was a hummingbird, and dad is a Labrador, you know? Yeah. Yeah, right. Very, very different personalities. My mom used to say to me, she used to say, I want you to love music. appreciate music, but I forbidden forbid you to make it your limit. I'm five years old. Right. So on that. Okay, so I thought I was, like, a musician, so I. I'm an engineer and I love engineering and I love the tech side of things, but the, the creative aspect of, of as we talked about earlier, like thinking about, you know, things in a new light, a new perspective that literally comes, you know, from the art world. Absolutely. Right. Yeah. And, and so it's only later in life that I, I've started to play and I'm not good. But, but I do, I play saxophone and I do just, you know, never going to have a concert I'll never play or the Boston Symphony, but but, you know, I really enjoy you know, that process and absolutely life. Yeah, but the magic is the intersection between, you know, definitely, definitely. Well, as a fellow musician, who doesn't play professionally anymore, but I used to do music for a living. It's something that once you do it, it can always stay with you. Yes. You know, yeah, I do, because I want it exact. Exactly. Yeah. And that's the best reason. I think that's a great way to a book and the conversation. Tom, thank you so much for spending some time with me today, and I really appreciate it. I hope we can do this again soon. That'll be fun. Thanks for having me. You got a ticket?

That's one thing our, listeners did understand is that when your data goes in, the model key kind of gets absorbed in there and you can't go back and delete it. That's right out of the database. Right. So when a model learned something, that data is gone and it's out in the in it in bigger. So you want to be really careful about what data is exposed to the model. Now you can tell the model But as Cisco we've been investing in these specific security models that we manifest. Right. Because I defense. Right. That allows our infrastructure to be able to interpret and understand AI. So we're putting oh AI awareness into our network security, which is a really, really I think a big step forward.