Cloud Security Today

What Serverless Can Do For You

October 21, 2022 Matthew Chiodi Season 2 Episode 10
Cloud Security Today
What Serverless Can Do For You
Show Notes Transcript

What Serverless Can Do For You? With Mark Gould

Episode Summary

On this episode, Cloud Security Engineer at Manhattan Associates, Mark Gould, joins Matt to talk about serverless computing. Mark is a Cybersecurity specialist, with a focus on the Google Cloud Platform, and is a Certified Google Architect.

Today, Mark talks about serverless computing, the security risk to consider, and working with DevOps teams. What are the top three metrics to start with for automation and security? Hear about cloud automation, Mark’s NSG alerting system, and his greatest accomplishments in recent years.

 

Timestamp Segments

·       [01:22] About Mark.

·       [02:49] About Manhattan Associates.

·       [04:46] How does cloud fit in?

·       [06:16] Automation in the cloud.

·       [09:03] Modernization at Manhattan Associates.

·       [10:18] Serverless computing.

·       [14:39] Security risks with using serverless functions.

·       [17:58] Mark’s NSG alerting system.

·       [21:27] Three metrics for automation and security.

·       [23:33] What should security teams be doing differently when working with DevOps?

·       [25:43] What is Mark most proud of?

·       [27:45] How does Mark continue to learn?

·       [30:31] Is Manhattan Associates hiring?

 

Notable Quotes

·       “You definitely have to pick what kind of processes you want to automate and make sure that you’re willing to put in the work to maintain them.”

·       “Sometimes serverless isn’t always the cheapest option.”

·       “Leaders are learners.”

 

Relevant Links

Manhattan Associates:           https://www.manh.com

LinkedIn:         https://www.linkedin.com/in/mark-gould-15a7a3149

Secure applications from code to cloud.
Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Narrator (00:00):

This is The Cloud Security Today podcast where leaders learn how to get cloud security done, and now your host, Matt Chiodi.

Matt Chiodi (00:12):                                 

You don't hear too much about server-less computing, at least I haven't. We know that it's been around, but I think quite frankly, containers have dominated the conversation over the last three years. So in today's episode, I have the privilege of interviewing Mark Gould. He is a cloud security engineer at Manhattan Associates, and I think this episode is useful because if you're not overly familiar with server-less technology, Mark's going to talk about its use, and I know that he's a big fan of the Google cloud platform. So enjoy the episode. And I'd love to hear from you the audience, what do you want to hear more of? Do you want to hear more from day-to-day practitioners? Are you looking to hear more about thought leadership? Go ahead and send us an email at Cloudsectoday@gmail.com, I want to hear from you, what do you want to learn about in the coming year?

Matt Chiodi (01:18):

Mark, thank you for joining us on the podcast today, why don't we start out by you just telling us a little bit about yourself and what you do at Manhattan Associates?

Mark Gould (01:30):

Sure thing Matt, thanks for having me. My name's Mark Gould from Manhattan Associates, I'm a Cloud Security Engineer and I've worked around in this industry for three years solely based on cloud security in the cloud security we do at Manhattan using products like AWS and Google Cloud Platform. Now, when I first joined Manhattan Associates, I kind of joined at a time when we were heavily moving into the cloud sector and I joined as a system administrator. And I noticed around me this huge push to move into this public cloud space, and I always liked to use the term 'Luck is where hard work meets opportunity.' So seeing that opportunity in place I put in the hard work to learn more about Google, more about AWS, and all the public clouds. And I ended up getting certified as a Google Cloud Architect.

Matt Chiodi (02:16):

That's awesome.

Mark Gould (02:17):

Thank you, and then after I got certified as Google Cloud Architect, I was approached by our security team that kind of had a gap in Google knowledge. Because I think out of all the clouds a lot of people have AWS knowledge, but Google knowledge seems to be few and far between, I think in the Atlanta area alone, there are only around 160 publicly available professional Cloud Architects. And so I took up the position there and now what I do is I manage the risks that we have in the cloud and I design and implement projects to kind of mitigate those risks.

Matt Chiodi (02:48):

So now, here's a little bit of background information on Manhattan associates, I did look up some of the metrics and they were pretty impressive. It says you guys connect 2 billion people with over 20 billion consumer choices, you move 150,000 pairs of shoes every hour, you move 300,000 tons of food every day, and we have over a hundred billion in retail pharmaceuticals to help people stay healthy. So what does all that mean? Are you guys a logistics company? I would imagine that with those numbers like that, there are just some massive data flows happening. Give us a little more context on Manhattan Associates and then maybe how does cloud technology fit into that picture supporting all that?

Mark Gould (03:36):

Yes, we're a supply chain software company, and we build a lot of suites of software that help people optimize and make their supply chain more efficient when it comes to Omni channel operations or warehouse management. One of the stats I always like to give out, it's not so much a stat, but it's something at least I'm personally proud of with this company is that we've been rated for nine years straight as one of the top workplaces in Atlanta, I think we've hit the top 10 for nine years straight. And so we're always looking for new talent and I think in an industry where it's very tough to retain talent, that's something that I think is huge, but when it comes to using supply chain software and the cloud-based products that go along with that, that gives us the scalability, the availability and these new revenue channels that allow us to go to more customers and more regions than we could before. A lot of things we do in the cloud, especially with the new log for J vulnerability that just came out, being in the cloud allowed us to act faster and more agile to service our customers based on that vulnerability. Which, especially looking at Twitter recently I feel like that was an issue a lot of companies had that we were able to solve fairly quickly because of how cloud-based and agile we were.

Matt Chiodi (04:44):

I love that, and so with a company like Manhattan associates I know you mentioned AWS and Google Cloud, how does the cloud fit into that whole picture? Give us the 10,000-foot view and talk about how it's intertwined into all the activities that you guys are doing, giving customers that omni channel experience.

Mark Gould (05:11):

Well, for our active Omni products, if we sign with a customer, they're able to get real-time updates and real-time data for either their inventory, their warehouse management, or where the product is, we can even use that information sometimes to make inventory predictions with our product.

Matt Chiodi (05:26):

Okay, that makes sense; I have a little bit of an e-commerce background from my eBay days, so that makes sense. I remember one of the biggest challenges we had back in the day was when you've got multiple warehouses, especially during the Christmas season with high-velocity inventories, it's always a challenge, right?

Mark Gould (05:48):

There's always a busy season.

Matt Chiodi (05:50):

Right and I noticed you guys are not just focused on consumer items, right? There are also retail and pharmaceutical pieces, and I saw here that you guys got over eight miles across four oceans and six continents expanding commerce globally. A question I have for you is, one of the things that as organizations move to the cloud, that they are constantly, I'd say almost pelted with is the whole concept of automation, but from my experience, you don't actually get it automatically when you move to the cloud. So think about right, you open up a new Google Cloud account, you don't just get automation; tell me a little bit about that. If you were advising a company, and they've just opened up maybe a new Google account, where do they start? Where would you recommend?

Mark Gould (06:50):

Yes, I think what's great about the public cloud is so much is managed for you, but managed in automated are two different things. I think a lot of companies when they do move to the Cloud try to do a lift and shift model where they just copy and paste what they have on Prem and throw it up into the cloud. And I think the first thing they need to do is, plan out, look at what products the Cloud does have to offer and where you can fit some Cloud-native products or some automation into that. A great example would be Bastion Host, I know a lot of companies, that use Bastion Host and they'll copy and paste that into their cloud platform when I know Google and AWS, they both have managed services for that. They have laughed, I think the industry always likes to say that Cloud is just someone else's computer, but I think people, they hear that and they don't think of how many different abilities and projects and products they have in the Cloud. That if you can redesign the architecture of your product and make it not just a copy and paste clone into the Cloud, but make it a Cloud product, how much money they can save and how much more secure it can be. And when it comes to automation, I think a lot of people who do move, lift and shift it into the Cloud, they don't really have that coding knowledge to know, we have things like Lambda, and we have things like Cloud functions. I'm not as familiar with Azure or OCI, but I know they have to have at least some kind of server-less function too. And so I think it's important to plan out exactly how you move into the cloud and how you can fit these cloud products into your own product.

Matt Chiodi (08:13):

Now I'm curious and feel free to share as much as you can or not, Manhattan Associates, as you guys have moved into different cloud platforms, how much was lift and shift versus "Hey, we're going to refactor and go cloud-native." I know we're going to talk about server-less computing, I know that's a passion of yours, but I'm just curious. Do you guys have a mix of lift and shift or what does that look like at Manhattan Associates?

Mark Gould (08:41):

We do try to utilize a lot of cloud products we have, I wasn't here when we first deployed, so I don't have much of an answer for that, but we do use and utilize a lot of the cloud products that are provided from Google, AWS and other vendors.

Matt Chiodi (08:55):

Alright, I know you've been at Manhattan Associates now for about three years, from what you can share, have there been a lot of modernization efforts? I know a lot of what I see from talking with different organizations across the world, a lot of what their first wave into the cloud, as you said, was lift and shift. Let's just mirror our data center, and they found out that, well, when they do that the cloud is actually really expensive. It's more expensive than my data center, so I know a lot of organizations have had projects to go back and look at it and say okay, how do we take advantage of server-less? How do we take advantage of containers? What does that look like at Manhattan Associates?

Mark Gould (09:40):

Yeah, I think one of the great parts about working here is that you won't find a single person who isn't excited or wants to get a part of the newest and greatest technology. So when it comes to stuff like machine learning or the new products that Google has, I feel like a lot of people here from the top down are always willing to jump onto it. And we definitely, I feel like have a modernized product in the cloud that is great for our customers, and it's great for even our employees to work with. It's always great to come to work and you're not worried about, "Oh, I have to work with this legacy system." It's always, what is the newest toy out there and how can we incorporate it into our product? And I think that's really what makes us a great place to work for and a great culture.

Matt Chiodi (10:18):

I know you personally are a big fan of server-less computing, and I think for many organizations, there's still something that they're either experimenting with or maybe thinking about as they look into 2022. Educate us a little bit, what workloads have you found are most ideal for server-less and maybe then put a security twist on that for us, what tends to be the biggest security risks that you've seen with them?

Mark Gould (10:47):

I think server-less, because it's so lightweight it's limitless to what you can and can't do with it. I find it's great for stuff like data processing or incorporating it into a data flow on a workflow. It's also great if you want to try to do machine learning and personally I've used it myself to do web apps because it's so easy to trigger. Let's say you have a sort of file that you upload into a bucket and you want to ensure its integrity or you want to ensure the security of it. You can have it the second it gets into the bucket to trigger a server-less cloud function that checks either the hashes or the integrity of the file. I think Netflix is always a poster child when it comes to server-less architecture. My wife and I will be on the couch looking at stuff on Netflix and she might not notice it, but every time I go on Netflix, I'm always just immensely impressed with how fast everything on Netflix is. From getting the thumbnails of what the movies are to how fast you can fast forward them and get them, all that's because of the service architecture that they implement. They have a bunch of lambda functions that encode all the videos that get uploaded by their publishers into S3. They use that, like I said, to do automated backups and they use it to ensure the integrity of their files, other great server-less processes that you can do is if you just need to improve an employee onboarding process. You come up with a KPI that's taking a long time to get this data transfer from our HR system to maybe Azure or whatever other systems you use. You could put in either a public cloud-based server list there to say, 'Hey, when this data comes in, parse it, format it, and try to send it out to these different systems with their API'. It definitely takes a lot of the manual workload off things and at Manhattan, that's what we really try to use it for, it's to automate and get rid of that manual workflow that would otherwise take too much time.

Matt Chiodi (12:41):

Now, have you found that obviously, you would have to refactor things in order to do it in a server-less way? From an engineering perspective, has that been a pretty big lift? What is that? Is that something that's taken months to do? I'm just curious because I know again; a lot of people are looking at server-less trying to see how it fits. They can see the cost advantages, what's that look like at Manhattan Associates?

Mark Gould (13:06):

Yes, I would say the refactoring is not so much of the issue, I would say starting server-less is what's easy, but before anyone gets into server-less, I would say the hardest part is ensuring it can be maintained. Because at least when I first started server-less, I was under the impression that you throw in your code to a land of function or you throw in an app to cloud run and you just leave it and it maintains itself. And that can't be further from the truth, I learned pretty quickly that there is such a thing as over automation and it's always a joke, especially in this industry that we'll spend four hours automating a task that takes four seconds. So I think the issue is, you definitely have to pick what kind of processes you want to automate and make sure that you're willing to put in the work to maintain them, but once you have that down, it becomes something that really does make your life a lot easier.

Commercial (13:52):

Prisma Cloud secures the infrastructure, applications, data, and entitlements across the world's largest clouds, all from a single unified solution. With a combination of cloud service provider APIs in a unified agent, framework users gain unmatched visibility and protection. Prisma Cloud also integrates with any continuous integration and continuous delivery workflow to secure cloud infrastructure and applications early in development, you can scan infrastructures' code templates, container images, server-less functions, and more while gaining powerful, full-stack runtime protection. This is unified security for DevOps and security teams, to find out more, go to Prismacloud.io.

Matt Chiodi (14:40):

Mark, talk with us maybe a little bit about some of the security risks that you've seen with using server-less functions. I would assume that there are benefits, right? Because you don't have to worry about some of the other things that you would if you were running, let's say something even in a container, but other risks that are unique to server-less functions.

Mark Gould (15:02):

Yes, I would say one of the great things about server-less functions and server-less, in general, is that it's just so managed for you. And the issue with that is that you don't feel like there actually is a security risk when there could be underlying security risks that you don't understand. So first and foremost, when it comes to server-less it's very lightweight, it's mostly just the code you put in, so security should start with building secure code right off the bat. You don't want to have plain tech secrets in your code; you don't want to be exposing environmental variables. And even if you build a web app, you can build a great server-less web app, but if you're transferring data unencrypted to other web apps it being server-less doesn't matter. It really talks a lot about this whole shift-left movement where a security's starting to become more in the code rather than from outside of it. So definitely, keep making sure that the code is secure, but also there are a lot of tools, you can use Prisma that will be able to secure the cloud functions for you that I'm excited to try out.

Matt Chiodi (16:01):

So you can scan the code, is there anything that you guys have found to be useful at Manhattan Associates? So if you guys are taking advantage of these functions, I like what you said right there, they could be fairly straightforward to build, but as you start to build them out, you still have to maintain them. Have you found certain things that help to automate the maintenance of these, because I think at the end of the day, and tell me if I've got this right? So when you're looking at a server-less function, when it executes there are the permissions that it runs under, right? So there's the identity side of it, what permissions is it given the run? And then there are also the libraries right behind it, where there could be vulnerabilities. Outside of the identity and vulnerability management of the packages, are those the two primary areas around security that you would be concerned with or are there other areas that folks should be looking at as well as they're exploring server-less?

Mark Gould (17:04):

Well, I was saying the security of the packages is definitely a huge one even outside of server-less, that's an issue that everyone's going to have. But I think another great thing that a cloud does is they also automate the management of secrets and they can automate the management of rotating those secrets because I feel like a lot of times developers, the idea to secure a secret in there, they won't expect that maybe this code might be released out into the wild and then that'll cause an issue. I know Google and AWS incorporate their secrets manager into the server-less function, so you can have those credentials in that function, but you have them in a secure place where they can be audited. You can monitor who accesses them and when, and then even more so you can automate the rotation of them because, I'm sure you've probably experienced it sometimes trying to rotate credentials can be an absolute undertaking. So being able to have that secrets manager, being able to have that automation in place, that's just more man hours that you're saving.

Matt Chiodi (17:56):

I love that, so one of the things I picked out from your LinkedIn profile, and I'd love to have you give us a little more color on it, it's that you created an NSG alerting system that utilized cloud functions specifically around GCP the cloud security command center back to service now. I know there are a lot of organizations that you service now as their IT service management backend. Tell us a little bit more about what exactly you built and then maybe think of it in terms of what were things like before you did this and then how the SOC team benefited from it afterward. So give us kind of the big picture and take us from there.

Mark Gould (18:42):

Yes, this was one of my first really big projects and it's something I'm really proud of. Before our SOC was actually monitoring manually our security SIM to see what alerts were coming in and then creating tickets based on that it was a really laboring process. And I felt like it wasted too much time of our SOC instead of actually solving security issues, so Google has now since built a lot of products that kind of automate this even more, but before it was, you had to install an app engine instance, which we did. And we were able to have that app engine instance go to a cloud function, so when a configuration alert happened, it would automatically go into our cloud function and our cloud function would build out the ticket with a service now connection for us.

(19:30):

So no longer was anyone even looking at our security SIM, it was all being done automatically in the tickets where we wanted to act on, they were automatically being put in. And the only thing our SOC was doing was their job, which was just triaging and investigating those tickets. It saved a bunch of man hours and because it was one of my first big projects in the cloud it made me know a lot about these server-less cloud functions and a lot of the products that the cloud has to offer; things as Pub/Sub, the amount of data that Pub/Sub can pipe through is great. And the automation at the second where configuration issue happens, I think we can get a ticket in, in less than 10 seconds in the serves now, once that happens. I always like to tout that it's always something I've been very proud of doing, the speed in which server-less is allowed to give you this agility because if you try to put this automation function on, let's say like a compute engine instance or a VM you're running that maybe three or four times a day, it's never going to be continuous like it is when you're able to just have an automated pipeline that can like I said, get you an alert in 10 seconds.

Matt Chiodi (20:31):

I love that, so that must have been something that you not only should be proud of, but also I think the SOC team would probably find this amazingly powerful, so congratulations on that. I love to hear when people are building based upon server-less functions, things like this that actually improve the rate at which the organization can respond when there are threats.

Mark Gould (20:56):

I always think the best security is the ones where you're able to not slow down the process, but make it faster and better, because it's tough to implement security tools if you have to go up to them and be like, "Listen, this is going to slow down how you do things." No one wants to implement something like that, and it makes people averse to security, if you come with a perspective of I'm going to make you faster and more secure, not only is everyone going to buy that, but also they will become more security mindset in the future.

Matt Chiodi (21:21):

So I think this is a good segue into the overall topic of metrics, right? So obviously your SOC teams probably getting some pretty good metrics now out of the system because of this and other improvements. But what I've found is that metrics are vital to the success of almost anything in life, right? So, Mark, the question for you would be what are three metrics that you would recommend starting with when it comes to automation and security, and why? I know there's probably 3000, but if you had to pick only three, what would those be, and, why?

Mark Gould (21:58):

So I would say the first one is to try to identify the problem that you're actually trying to solve and then come up with a key performance indicator to measure success in that problem. I think my past example is let's say you're trying to improve an employee onboarding system, you may want to improve how many days does it take for our employee to be fully onboarded? And then that's your KPI right there, that's what we're trying to improve. And then use server-less or automation as a possible solution to that, you want to make sure that what you do implement is going to make sure it actually does improve that KPI. And I feel like a lot of people like I said earlier, they'll automate for the sake of automation or they'll do a project for the sake of doing some kind of activity and not realize that activity doesn't always equal accomplishment. So always have that one KPI metric that you're trying to solve and see how server-less can do that. And then the next big metric you want to figure out is cost because sometimes server-less isn't always the cheapest option, code starts for Lambda and compute engine. If you're doing a process that's just 24/7 and it's constantly spinning up new cloud function instances, it can get expensive, so you have to make sure that, okay, we do have a process that we do want to automate, is server-less the best way to do it. Now I think for the third metric as I said, you want to see how much time and cost it actually does save you at least in man hours. So, if you build this server-less application, but it's taking you a ton of time to manage it, or you're having to constantly update these third-party packages or APIs, then it's not really saving you time. And at the end of the day, we want to save time, we want to save money and we want to improve the KPIs for a problem we have.

Matt Chiodi (23:33):

Tell me if I have this right, from what I can tell, it seems like your skillset really seems to be a blend of security and DevOps, which is I think rare. What should security teams be doing differently when working with DevOps teams? Obviously, there's the age-old security versus development, but what have you seen, and or what would you recommend doing differently when working with DevOps? What would you recommend security teams do differently?

Mark Gould (24:03):

I've seen a lot of security teams tackle DevOps or a developer experience as a threat when I think it should be tackled as an opportunity. I kind of went into the DevOps space more as a need than it was a want, when I was in college, the last thing I ever wanted to do was do coding, because I felt like it just wasn't my thing. And after moving into the Google Cloud space and a lot of people who work in Google can attest to this. Google is such a developer-focused platform, the API libraries are huge whenever I train people on it, I tell you, listen if you can code then the world is your oyster. When it comes to Google, AWS, and Azure, all of them have huge API libraries, so coming into that SG project forced me to learn to code and I ended up loving it. It's that trial of going through coding this project that made me understand a developer experience more. And it made me understand that I should view development as an opportunity. Go to the developers, see what they're doing and see, where can we implement easy security-based projects into their own processes instead of just, let's say there's some shadow IT in the DevOps pipeline, instead of just going outright banning it because what that's going to do is it's just going to make the animosity between the developer and the security team greater. What you should do is, I think everyone should at least have empathy for each other's team and be able to see it from their perspective and say, "Hey, we want you to be more secure, but we also want to make your jobs easier as well." And if you have that kind of mindset that you want to help them out, you want to not hamper them, but make them advance themselves even more; it's very easy to make good and meaningful connections with that.

Matt Chiodi (25:42):

So when you think about the last three years of your career at Manhattan Associates, what would you say you're most proud of? What are your big accomplishments? I know we talked about your NSG project, but what are some other things that you're most proud of in your three years at Manhattan Associates?

Mark Gould (26:00):

Going back to our last question; I think we've been able to make great connections with our developer team. Since being here, everyone has been so security-minded from top to bottom. It makes us an immensely secure organization and that's something you'd always love to see, especially on a security team, but I think another great accomplishment I've had is just where I am right now. I came fresh out of college as a System Administrator, and I was kind of at that point where I didn't really know exactly what point of IT or security I wanted to be in. And I'm being told, "Yo, you need to pick a specialization, you need to do this," and well, I wanted to do a little bit of everything. And so when I took the opportunity to learn Google, I felt like I did have that opportunity to learn a little bit of everything, I can do the developer mindset, I can do the architecture mindset, and the security mindset. I think that's kind of difficult for people like me to get into the industry, not really knowing where they want to be, especially when it comes to security because at least at my college, we didn't even have a security program. I think I went to Georgia Southern and we started one right when I left, so I think for new people coming in, especially for me trying to get into this industry is so hard. So the fact that I am here where I am now, I always consider it just a great blessing and I can attribute that to how great Manhattan's been to just me and all my other coworkers and the culture around us. I would say another great accomplishment that we've really done here is just how much we've been cloud focused as a company and how much input that everyone from the top down is going to have when it comes to wanting to move further into the cloud, and how can we make that as secure as possible? And I feel like that's rare for a lot of companies to have such a secure mindset and to be able to be a part of such a huge movement, especially where I am now, I think it's a great accomplishment and we're doing great things here.

Matt Chiodi (27:45):

Mark, how do you personally continue to learn and stay on top of things in your role? Because you're three years in, you're doing some really cool things, but as you can probably imagine, you can get into a rut right? But you sound like you're not that kind of guy, how do you continue to learn and really stay on top of things?

Mark Gould (28:07):

I think I'm a bit too impatient with myself to be put in a rut, I always like to try new things, but I think cloud security is one of those industries where you have two different technologies that are moving very fast. You have to keep up with the security aspect of it, which sometimes can be extremely daunting. And then you have to keep up with the cloud aspect of it and, Azure, AWS, and Google, they're releasing so many new features every day, that it's hard to keep up with. So what I like to do is I like to try to make RSS feeds that kind of pipe in, into one place, both in what's going on in the security industry, and what's going on in the cloud industry. And how can we prevent these risks that are arriving at a lot of other companies and how can we utilize the new products that the cloud has? I do a lot of that using as I said, RSS feeds; I used Cloud Guru a lot when I was getting certified. I started when it was young, but man, it's exploded now I think is a great resource to have, and then Cybrary and Code Academy are also really great resources. A lot of people asked me because I didn't really have a coding background, how I got into coding and how I started loving it, and I think the best way to get started at least into the developer experience is not to hit the books or learn at the traditional way. I think the best way, at least for me was to think of a project and then learn as you do the project, so a great example is, that I'm trying to learn swift right now for iOS development. And instead of just hitting the books or using traditional resources, I'm just trying to make the app, and as I go along, I just Google, how do I make a class or how do I make a button and swift? And as you go along through the project, you'll start learning more and more, you'll start reading stack overflow and you'll start understanding it a lot better. And for people who do want to start coding, I would say Python's also a great language to start, it's human readable, and the resources are immense. I've been trying to learn a different language, but it's been difficult because Python is just so easy and it's so powerful.

Matt Chiodi (30:01):

That has long been on my bucket list and I have not gotten to it yet. I probably have three Python development books and one of these days and I am going to start.

Mark Gould (30:10):

I have a few Python development books too, but as I said, I feel like the best, at least for me, and this might be the same for you, Matt, it's just to think of a project, maybe you want to start a server-less web app using FLAS. And as you go through the project, go on stack overflow; see how other people did it. And Python's so human readable that you'll be able to understand it pretty quickly.

Matt Chiodi (30:30):

I love that, I know we have this cyber-security talent shortage, are you hiring at Manhattan Associates? And if so, where can listeners go to learn more? Obviously, you're excited to be a Manhattan Associate, so you're probably one of the best promoters for it, but are you guys hiring security roles?

Mark Gould (30:49):

Yes, I'm not sure about security roles, but we're hiring for a lot of cloud-based roles and a lot of cloud architect roles. We're hiring so much, honestly, it's hard for me off the top of my head to think of what we are, but definitely go to our website it's on manage.com and you'll be able to apply there. We'll love to have you, the hiring rush is real, and like I said, we've been the top company in Atlanta for nine years straight and I think that speaks for itself.

Matt Chiodi (31:14):

I love it, so what's the best way for our listeners to connect with you, Mark? If they want to learn a little bit more about some of the projects that you're working on and just want to stay in touch with you, what's the best way for them to do that?

Mark Gould (31:25):

They can connect with me on LinkedIn, just messaged me and say that you listened to the podcast and we can connect from there. I like to post on LinkedIn a lot, I post all my interesting findings and what I've been doing day to day. Recently I read a good book called "Ride of a Lifetime" it's by the CEO Robert Igar and I've been posting about that on my LinkedIn.

Matt Chiodi (31:42):

I love it, leaders are learners, so I love to hear that you're learning, and you're reading, and I'm really excited to continue the conversation. Mark, thank you so much for joining us today, talking a little bit about Manhattan, and talking about your passion for server-less and coding. I will be interested to follow your career as you make your way, thanks so much, Mark.

Mark Gould (32:06):

Thanks, Matt, it's been great being here.

Narrator (32:08):

Thank you for joining us for today's episode, to find out more, please visit us at Cloudsecuritytoday.com.