Speaker 1: This is Techstrong TV.

Alan Shimel: Hi, everyone. Alan Shimel back here at Chicago KubeCon, North America 2023. If you’ve watched our coverage of past KubeCons or RSA or even sometimes on Techstrong TV, you know this fellow right here, he’s my friend, David DeSanto. David, is the… Is it Chief Product Officer?

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

David DeSanto: Chief Product Officer.

Alan Shimel: Yep, at GitLab. And GitLab always has something doing, especially if it’s the 22nd of the month, right?

David DeSanto: Correct.

Alan Shimel: How many consecutive 22nd of the month releases are we up to now? Do you know?

David DeSanto: Over 150. I know that.

Alan Shimel: Over 150.

David DeSanto: Yeah.

Alan Shimel: But GitLab is also a big community member of CNCF, as well as a bunch of the other Linux Foundation-

David DeSanto: Absolutely.

Alan Shimel: Foundations as well. And David’s always a wealth of information. So David, I hope I didn’t put too much pressure on you, but welcome.

David DeSanto: It’s fine. Thank you for having me.

Alan Shimel: Always a pleasure. So let’s first talk a little bit about the show.

David DeSanto: Yeah, absolutely.

Alan Shimel: GitLab is here. What are you seeing, hearing? What are you thinking about?

David DeSanto: Yeah, so I would say this probably is no surprise to everyone who’s watching, but this year it’s all about security and AI. And sure enough, at GitLab’s booth here, we’re booth M1, it’s also about…

Alan Shimel: Security and AI.

David DeSanto: Security, AI, and visibility.

Alan Shimel: So we’ve been talking a little bit about security and AI too. Surprise. And one of the… We actually, just a quick plug. We actually have a great virtual event coming up in December on AI, and it’s sort of where does AI meet, rubber meet the road. And I want to turn that around to you, David. Look, AI has tremendous potential to help, I think, with security.

David DeSanto: It does.

Alan Shimel: I don’t know how much of it is real today. I think a lot of it will be real, certainly. But what’s real today? No holds barred. What’s your take?

David DeSanto: Yeah, so maybe we’ll start with the AI part of that and then tie it into security. So I always look at new technology through the lens of my parents. They’re both much older than I am. And to them, when I showed them AI, it was magic because to them-

Alan Shimel: It really was.

David DeSanto: How is that happening, right? But then I also had to help ground that in reality for them to say, “Well, this is generative AI. It works by predicting the next word based off the series, right?”

Alan Shimel: Putting one foot in front of the other, right. It’s not sentient.

David DeSanto: When you look at it though, some people have thought it’s sentient.

Alan Shimel: No, your parents, I go by my wife’s sister, she’s 74, and yeah, she thought there was a little person in there, but yeah.

David DeSanto: Yeah, and actually just as a quick note, and the viewers will love this, but I introduced them to it at my sister’s wedding earlier this year. I needed to do a toast. So I had Bard generate the toast for me. And they were like, “How is this happening?” Right?

Alan Shimel: They’re beautiful, I hear you.

David DeSanto: But to kind of ground in reality and you realize how generative AI works, you have to then ask yourself what are the best use cases to apply it to? It’s not going to be able to tell you how many pages there are in a book, how many words are in a book. Those aren’t things that are questions it can build, right? But it can help you with tasks that can sometimes be mundane. It can help you with understanding something better. And that’s how I kind of tie it back to AI. So when GitLab started applying AI to our platform, we started in 2021 with code review because that was a huge pain point helping customers get through code review. The next area we looked at was actually security.

Alan Shimel: Really?

David DeSanto: And the reason why we did that is that GitLab is, in essence was a developer platform when we started, we’re an enterprise DevSecOps platform today.

But it was about helping developers be more effective. And developers don’t start their day off by saying, “You know what? I want to write a zero day vulnerability in the application today. I want to make it super vulnerable.” Right? They want to write really good code. And so we said, “We’ve helped shift security left. How do we help now those developers understand that security they’re seeing?” And so we launched at RSA this year, explained this vulnerability where it actually explains the vulnerability, natural language using AI gives them an example of how that vulnerability is exploitable. And it gives them an example of how to resolve it. And those code snippets it shows are in the language the developer’s writing it. And so when I think about AI and security, I think about it making security truly approachable. And if you can do that, then everyone starts to win.

Alan Shimel: So I would give you guys the Oscar for best use of AI, right? Because I think that’s where it shines. I had a very similar experience with me. So I’m not a coder.

David DeSanto: And I claim to be one, but it’s been a decade plus since I’ve run any code.

Alan Shimel: But you know what? Try putting a little code into your generative AI chatbot and say, “Explain this,” or, “What does this mean?” And it goes through line by line and tells you, “That’s what this is for. This is what it’s calling, this is what it’s doing.” And you can be a complete neophyte around let’s say Python or name your language, wherever you want to do it in. And it really teaches you how to code.

David DeSanto: It does. It does.

Alan Shimel: Line by line, syntax by syntax. So to me, that’s a great use of AI. That’s what we should be using it for. It’s not Google search. A lot of people I know, they think it’s Google. It’s not Google search.

David DeSanto: No.

Alan Shimel: But those kind, and it’s good for writing toasts for a best man or whatever, or an anniversary as someone in my office I know used it and his wife called him on it. But anyway, it’s really great for learning tool. Now, when we talk about AI and security, though, there’s an evil dark side to it.

David DeSanto: There is.

Alan Shimel: Which is how do you secure AI?

David DeSanto: Yeah. And so I love that question. So the first time we spoke, which now is four or five years ago, the question you asked me is, “GitLab and security, explain that.” And we talked about why we’re taking that journey. And today, GitLab is recognized as a security player in the space.

Alan Shimel: Absolutely.

David DeSanto: And it’s one of those things that we are very proud about because we helped define what shift left actually meant. And so if you bring this back to AI, the one thing I always tell people is that, yeah, code generation can be scary. You’re not sure, is it writing good code? Is it writing functional code? But if you’re using GitLab, that code gets committed back into your CICD pipeline and the GitLab security scanners run. And now you know that vulnerability has been resolved and nothing new has been introduced. And so if you pair AI with the right things around it, it can be truly powerful. But you’re right, if you’re not doing that and you’re thinking it is the person living inside the machine, you give a little too much trust to it today. AI is not a hundred percent there yet.

Alan Shimel: Absolutely. Well, so that’s the next segue. Don’t give up any secrets. Let’s not get in trouble. You’re a public company now, but where do you see AI going with GitLab specifically over the next, let’s say between now and RSA in May or something like that?

David DeSanto: Yeah, great question. So fortunately, we’re a very transparent company, so I can talk about roadmap and not get in trouble, but thank you for making sure that I don’t get myself in trouble with legal.

Alan Shimel: Or me.

David DeSanto: So where we see AI going with GitLab is there’s really two paths that we’re exploring. The first is GitLab Duo Chat. We released it back in June, it continues to mature. We’re seeing people gravitate towards wanting to talk to chat and not necessarily click a button in the UI or engage with AI that way. And it makes sense. If you think about it, we’re humans, you and I are talking, we’re having a conversation. That’s how we’d want to engage with it. And that’s why the chatbots are so popular.

And so what we’re looking to do is continue to take what we’ve released. We have 14 AI features today.

Alan Shimel: Really?

David DeSanto: Yeah. Everything from, GitLab is for the entire SDLC. So we have AI assistance in planning, coding, securing, deploying, the whole way across. And so we’re slowly moving those features into chat. An example that explained this vulnerability is a great example. So that’ll be available in chat here shortly. And the reason why we’re doing that is the natural thing is, “Well, help me resolve it. Here’s my code.” And so we want to help AI be not just a pair programmer for the developer, but be that trusted partner that can help write more secure codes. So I would say over the coming several months going into RSA, you’ll see a lot of AI and security and our Duo Chat feature coming together.

Alan Shimel: I love it.

David DeSanto: The other area is our-

Alan Shimel: Wait, hold on one second.

David DeSanto: Oh, sorry. Yeah, go ahead.

Alan Shimel: I want to make sure Duo Chat, not everyone out here is going to know Duo Chat.

David DeSanto: Yeah, so perfect. Yeah. So GitLab Duo is the name of our AI workflows within the GitLab platform.

Alan Shimel: Got it.

David DeSanto: The name is based off the fact that it’s you as a user, plus AI makes the AI dynamic duo.

Alan Shimel: A duo. Okay.

David DeSanto: It also helps that I’m a huge Batman fan and dynamic duo has that in it.

Alan Shimel: All right. I love it. I love it.

David DeSanto: I didn’t tell marketing that though.

Alan Shimel: No, no, no.

David DeSanto: No, no. No. Hopefully they don’t watch this. They’ll now know my secret.

Alan Shimel: What does marketing ever? I’m only kidding. I’m only kidding. I love my marketing people.

David DeSanto: So that’s the name of the suite of those AI workflows. And so there are things like explain this vulnerability. You’re explaining of codes for, we actually haven’t explained this code.

Alan Shimel: I love it.

David DeSanto: We’ll explain the code. We have our code suggestions, which is going to generate either code completion, your cursors in the file, it’s reading what’s before and after the file’s open and recommending code.

Alan Shimel: I love that.

David DeSanto: Or code generation where you can actually do comment decode, that’s actually the most popular for our users. As well as things in helping you do your planning, summarizing conversations, helping with CI configurations and beyond. So that’s what GitLab Duo is, and Duo Chat is part of that. And so that’s the chatbot you can launch within GitLab’s UI.

Alan Shimel: Now, is there a way to kind of implant this into your IDE, or?

David DeSanto: And that’s the last thing I was going to mention that we’re working on. Yeah. So the other thing-

Alan Shimel: You didn’t pay me to say that.

David DeSanto: I did not.

Alan Shimel: Okay.

David DeSanto: I did not.

Alan Shimel: Go ahead.

David DeSanto: It’s almost like you read our GitLab issues and read our roadmap.

Alan Shimel: We may not coordinate our wardrobes. But we do-

David DeSanto: We didn’t. I do wish I would’ve worn the fall shirt today.

Alan Shimel: Next time.

David DeSanto: We will. Next time we’ll do that.

Alan Shimel: All right.

David DeSanto: But anyway, we’re going to be bringing Duo Chat to the IDEs. So today we have it as an experimental feature and we’re trying it at GitLab today to make sure it works. But it’ll be available in all the IDEs that we support today, including the JetBrains Suite, Visual Studio, VS Code, Neovim, and the GitLab IDE.

Alan Shimel: I love it. I love that. Fantastic.

David DeSanto: But by the way, that’ll also then bring those same actions that are in the GitLab UI into chat in your IDE, so you can actually explain the vulnerability, explain the code, all those things directly where you’re working. You don’t have to leave your IDE to get that.

Alan Shimel: While we’re on this subject. A lot of people out here, look, there’s so much, there’s so much controversy around AI. Is it going to kill off humanity? Is it going to take everyone’s jobs away? Is it going… My feeling is, it’s not… Will it do some jobs? Yeah, but for the most part, it’s going to make a lot of people who do these jobs 10x more effective. How do you view it, and how does GitLab view this, in a world where chat and Duo Chat is built in and AI is built into the entire GitLab SDLC pipeline.

David DeSanto: Yeah.

Alan Shimel: Does it really 10x these people?

David DeSanto: So that’s our target. And to give a little context for everyone, GitLab Ultimate, which is our top tier, includes every future GitLab has including AI. We did a survey of our customers. We had an independent company do that. They found that people using GitLab Ultimate get a 7x boost in efficiency for their organization.

Alan Shimel: So you’re over halfway there.

David DeSanto: Yeah. And an ROI within six months of what they paid for it. And so when we asked ourselves, “How does AI help?” We set ourselves a 10x goal. So continuing to accelerate that efficiency. And our customers using GitLab today and GitLab Duo are talking about that. They’re talking about getting through code review faster. They’re talking about resolving vulnerabilities faster. And to the first part of your comment, we don’t see AI as a replacement for your team members. We see it as helping them be more effective, removing some of the mundane tasks that can slow them down and unlocking their true potential.

Imagine a world where your developers don’t have to worry about doing things like creating the template for the code and now they can just go in and write the actual strategic parts. And same thing across the entire software development lifecycle. I personally benefit from Duo almost on a daily basis, in that as the CPO of the company, I get pinged on our GitLab issues or GitLab Epic or whatever, and someone will say, “What are your thoughts on this?” And I’ll look at it and I go, “How long is this?” And I’ll go up and say, “PDF it.” And it’s like it’s a hundred pages, the issue’s been open eight months.

Alan Shimel: Summarize.

David DeSanto: Customers are coming, yeah. So I say-

Alan Shimel: I do the same thing.

David DeSanto: “Summarize the discussion,” right?

Alan Shimel: We’re connected. I do the same thing.

David DeSanto: And so that’s where I see it. That made me more efficient. I now didn’t spend two hours doing that.

Alan Shimel: I’m doing the same exact… As CEO at Techstrong, I’m inundated. Inundated with content. “Should we publish this? Is this the right tone? Here’s the abstracts.” And a lot of times, and I don’t mean to sound callous, but I just don’t have the time to go through it all. But a summary, man, just give it to me in five bullets.

David DeSanto: Right. And by the way, the other part of that that I use is that it could also help generate descriptions and tasks. And so-

Alan Shimel: A bot.

David DeSanto: Right? So I’ll just say, “I read all that. I have an action, remind me to do this. Help me create the task for it,” and so forth. But you are the great example, right? Same thing with the developer, a security person. There are other things that your brainpower should be used for and why spend the time doing those things that-

Alan Shimel: I agree.

David DeSanto: Truly are not moving Techstrong forward or that company’s application for it.

Alan Shimel: We’ll come up with a, we have a theme for given event, a virtual or in-person event. We need the abstract. I can have other people write the abstract, but it doesn’t really capture my vision for it. I find just putting that into bot, into a chat, it nails it. But here’s another thing that I think is, and again, for those of you out there who don’t use generative AI yet, you should. Don’t be afraid to give it a nice long prompt or give it a lot of back. Because the more info you give it, the better it kicks back to you.

David DeSanto: It does. It actually goes off feedback and you can like something or thumbs it down.

Alan Shimel: That was another kind of revelation. And I think it’d probably work the same way with code.

David DeSanto: It actually does. So the backend of GitLab Duo is monitoring for the amount of code you keep. So do you accept the recommendation? Do you not? It also measures retention. So is that code still there after you move on? And same thing with the chat. So I’ve actually had to say to it, and there’s a joke on the internet about you have to be polite back to the chatbot. I actually just recommend it because I’ve seen that documentary Terminator with Skynet. I’m just afraid-

Alan Shimel: One day they might come for you.

David DeSanto: You want to suck up to them now, so when they take over, they remember you.

Alan Shimel: They’ll remember it.

David DeSanto: But no, I’ll actually say back, “That’s interesting, but have you thought about this? And here’s why.” And then I see that it actually learns from it because we constantly fine tune models based off that feedback. Right?

Alan Shimel: I agree.

David DeSanto: So, absolutely. Please be kind to the chatbots. GitLab Duo will always be chat to you.

Alan Shimel: Be kind to your chatbots. And be kind to everyone else, right?

David DeSanto: If it is-

Alan Shimel: Especially in this day with everything in our world going on.

David DeSanto: If it’s anything, you should be polite. There you go.

Alan Shimel: If you can be anything, be polite. Non-AI stuff, what’s your impressions of the show this year?

David DeSanto: I’ve enjoyed it so far. RSA conference used to be my favorite conference to go to. I think KubeCon is now tied for first and might sometimes edge it out. And the main reason why is that here is one of the few times I feel like it reminds me of the Black Hat Conference back in the day.

Alan Shimel: Back in the day.

David DeSanto: You’ve got all the, it is not meant to sound negative, but the doers here, right?

Alan Shimel: Yeah.

David DeSanto: You’re having real conversations with developers who are trying to understand operations better, security professionals who are here trying to make sure they’re supporting developers’, operations. Same thing with operations. So you get this really good mix of people and it just reminds me of almost like a large startup, if that’s a good way to look at it.

Alan Shimel: Yeah, no, there’s an energy that’s palpable, that I think works.

David DeSanto: But I do want to just make sure RSA, I still love you.

Alan Shimel: We’ll be there, May 6th-

David DeSanto: I’ll be there as well.

Alan Shimel: Is our DevSecOps. It’s going to be all about AI in the future of security, our event as well as the larger AI event all week. Or the larger RSA event all week. What about re:Invent? You guys are going to be at re:Invent?

David DeSanto: We will be at re:Invent. I will personally not be there.

Alan Shimel: No?

David DeSanto: No. I actually, I hit the point where this is my last whole week of the year. I’ve been gone three weeks a month for this entire year. I want to stay married.

Alan Shimel: I hear you.

David DeSanto: I want to spend some time with my dogs. And so I’m taking December and most of January off from travel.

Alan Shimel: Good for you.

David DeSanto: Yeah.

Alan Shimel: I’m getting a new dog Friday.

David DeSanto: What kind of dog are you getting?

Alan Shimel: I guess I could share it. So we’ve had bulldogs for about almost 30 years.

David DeSanto: Okay.

Alan Shimel: Our last one passed away in May. She was 14 and a half.

David DeSanto: Actually, I think you and I talked about that.

Alan Shimel: Yeah. So it took a little while for us to get back in the, I need a dog, but I need a dog. So it’s a new bulldog puppy. Her name is Kaia, K-A-I-A, which means sea in Hawaiian. Her father’s name is Ocean.

David DeSanto: Oh, wow.

Alan Shimel: And yeah, I’ll post pictures.

David DeSanto: Okay. I think I’ve shared this to you before, but we have two rescues. They’re both Chihuahua mixes.

Alan Shimel: Oh, yeah. Yeah.

David DeSanto: One’s really dumb and the other one’s really smart, so [inaudible 00:18:47].

Alan Shimel: It’s good mix. Yeah.

David DeSanto: I will tell you, when I get home, they’re so excited to see me and they get really sad when I’m packing, so.

Alan Shimel: There’s nothing like the love of a dog.

David DeSanto: I completely agree.

Alan Shimel: No doubt.

David DeSanto: But about the conference.

Alan Shimel: Yeah, we went off there, but go ahead.

David DeSanto: Completely derailed us.

Alan Shimel: Yes.

David DeSanto: So for GitLab, a couple things. So if people are watching and they’re here, they want to see it. If not, check it out after the conference on our website. We brought our product analytics feature to market. We already have some customers adopting it and we’re demoing it. And I wanted to share it here because KubeCon’s also about visibility and you can’t close the SDLC without user feedback. And so similar to how we have observability, just about the application running in production, the value stream analytics and value stream management. This is now user feedback. So as part of GitLab CICD, we can embed telemetry into the application. So when it’s deployed, it can connect back to GitLab and start giving you data about your monthly active, daily active usage, the return rate of those users.

Alan Shimel: This is available now?

David DeSanto: It is available now.

Alan Shimel: Or you’re just demoing?

David DeSanto: No, it’s available. It is available.

Alan Shimel: What do you call that?

David DeSanto: Well, we love our boring names at GitLab, it’s one of our values. So it’s just called GitLab Analytics.

Alan Shimel: GitLab Analytics. Okay.

David DeSanto: Yeah, GitLab Product Analytics to be specific.

Alan Shimel: All right.

David DeSanto: But yeah, we started using it earlier this year for our handbook and we’re able to learn about how our users use the handbook, our employees and team members. And so I’m excited how make this available because other people want to understand how their apps are being used. Long term, we’ll be able to pull in things like retention rate, user adoption journey metrics. But today it’s just those raw metrics like the active usage, return rate, the graphs of how the usage is going. But we’re very excited to be demoing it here. It’s really cool.

Alan Shimel: Absolutely. Very cool. GitLab user analytics.

David DeSanto: Yep.

Alan Shimel: David, it’s always a pleasure, my friend.

David DeSanto: Love our chats.

Alan Shimel: You know what? I spoke to you. We’re going to do another chat with David before you leave for two months with the dogs.

David DeSanto: Yeah. I will be working, for everyone. I’m not taking time, I’m just staying home. I’ll be-

Alan Shimel: Okay. You’re just not on the road.

David DeSanto: Yeah, I’ll be working from home that entire time.

Alan Shimel: I was going to say that’s a lot of vacation time.

David DeSanto: No, no, no. I did have my first big vacation since the pandemic though.

Alan Shimel: Really?

David DeSanto: Yeah, we went to Bar Harbor for two weeks and hiked Acadia National Park.

Alan Shimel: Oh, that’s beautiful.

David DeSanto: Yeah.

Alan Shimel: And when was this?

David DeSanto: End of August. Last two weeks of August.

Alan Shimel: Oh, so it’s still nice there.

David DeSanto: It was very beautiful, but-

Alan Shimel: Not really peak color season there yet. But beautiful time, summer.

David DeSanto: But we’ll definitely can connect because I’m working. I’m just not on the road.

Alan Shimel: But we’re going to have you on Techstrong TV because you guys have more news.

David DeSanto: We do.

Alan Shimel: That we can’t talk about yet.

David DeSanto: Yeah, that’s a good teaser. Everyone tune in.

Alan Shimel: That was my, that’s what we call it.

David DeSanto: For the big news. It’s the hook.

Alan Shimel: That’s what we call it in the industry. My hook.

David DeSanto: Going back to our marketing friends. That’s the hook.

Alan Shimel: All right. Hey, we better take a break here. We’re getting a little loony. We’ll be back. We’re live in Chicago at KubeCon with our friends at GitLab. We’ll be right back.