Quantum Leaps in Bioinformatics with Lynn Langit
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: Today’s episode is brought to you in part by our friends at MinIO the high-performance Kubernetes native object store that’s built for the multi-cloud, creating a consistent data storage layer for your public cloud instances, your private cloud instances, and even your edge instances, depending upon what the heck you’re defining those as, which depends probably on where you work. It’s getting that unified is one of the greatest challenges facing developers and architects today. It requires S3 compatibility, enterprise-grade security and resiliency, the speed to run any workload, and the footprint to run anywhere, and that’s exactly what MinIO offers. With superb read speeds in excess of 360 gigs and 100 megabyte binary that doesn’t eat all the data you’ve gotten on the system, it’s exactly what you’ve been looking for. Check it out today at min.io/download, and see for yourself. That’s min.io/download, and be sure to tell them that I sent you.
Corey: This episode is sponsored by our friends at Oracle HeatWave is a new high-performance query accelerator for the Oracle MySQL Database Service, although I insist on calling it “my squirrel.” While MySQL has long been the worlds most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLAP and OLTP—don’t ask me to pronounce those acronyms again—workloads directly from your MySQL database and eliminate the time-consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.
Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. So, I’ve been doing this podcast for a little while now—by my understanding, this is episode 300 and something—but back when the very first episode aired, I had pre-recorded the first twelve episodes. Episode number ten was with Lynn Langit who is, among many other things, the CEO of Lynn Langit Consulting, she is also the first person to achieve the AWS Community Hero and equivalent designations at all three of the primary tier-one hyperscale cloud providers, which I can’t even wrap my head around what it takes to get that at one of those companies. Lynn, thank you so much for agreeing to come back now that I’m no longer scared of the microphone.
Lynn: Well, thank you for having me. It’s great to be back, Corey.
Corey: So, it’s been a few years now since we really sat down and caught up. And what an interesting few years it’s been. There’s been a whole minor global pandemic thing that wound up hitting us from unexpected and unpleasant places. There’s been a significant, I would say, not revolution but evolution in how adoption of cloud services has been proceeding. The types of problems that customers are encountering, the conversational discourse has moved significantly away from, “Should we be using cloud?” Into, “Okay, we obviously should be using Cloud. How should we be using it?” And the industry keeps on churning. Sure there’s still rough parts, there are still ridiculous aspects of it, but what have you been up to?
Lynn: Well, as you might remember, I have an independent consultancy where I do really what my customers need. I work across different clouds, which keeps it interesting and fun, but I’ve had a focus over the past few years in supporting bioinformatics research. Before the pandemic, it was mostly cancer research. Since the pandemic, it’s been all Covid, all the time.
Corey: All Covid, all the time sort of has been the unofficial theme of this. And it’s weird. I know, we’re in 2022, now, but it still feels like on some level, it’s like, “Man, this is March 2020; it’s still dragging on, on some level.” There have been a number of stories in the world that is, let’s say medicine-adjacent, more so than—we’re all sort of medicine adjacent these days, but there’s been a lot of refocusing away from things like cancer research into Covid and similar pandemic respiratory diseases. Do you think that there’s a longer-term story where we’re going to start seeing progress stall on things that were previously areas of focus—in your case cancer—in favor of reducing infectious disease, or is it really one of those ‘rising tide lifts all boats’ type of scenarios?
Lynn: Yeah, it’s the latter. It’s been really interesting. Without getting too much into the details, you know, you think of genomic research for drug discovery, you know, we started with this idea of different DNA sequencing cohorts. So, like people from the—you know, that started from the United States, people that started from Africa, you know, different cohort as a normative to evaluate the effectiveness of diseases, what was an area of research already was to go down to the level of what’s called single-cell RNA. So, look at the expression of the genomics by cell area, so by the different parts of your body.
Well, this is similar to what has been done to understand the impact and the efficacy of potential Covid drugs. So, this whole single-cell RNA mapping cohorts of what is normal for different types of populations has resulted in this data explosion that I’ve never seen before. And I see it as positive for the impact of human health. However, it really drives the need for adoption to the cloud. These research facilities are running out of space if they’re still working on-prem.
Corey: I spend an awful lot of time thinking about data and its storage from a primarily cost-focused perspective, for obvious reasons, and that is nuanced and intricate and requires, sort of, an end-to-end lifecycle policy. There’s this idea of, ideally, you would delete old data you don’t need anymore, but failing that you, maybe aspirationally, don’t need 500 copies of the same thing lying around. Maybe there are ways to fix that. And that’s all within one cloud ecosystem. You work across all of the clouds. How do you keep it all straight in your head trying to figure out things around lifecycles, things around just understanding the capabilities of the various platforms? Because I got to say, from my perspective, it’s challenging enough only bounding it to one.
Lynn: Yeah, it’s the constant problem. The big clients I had over this past year were not on Amazon, they were on other platforms. So, it seems like it sort of goes in cycles. And what I’ll sometimes need to do is hire subcontractors that have been working on those platforms because you can’t, I mean, you can’t even know one platform, much less all of them to the level of complexity in order to implement. One thing that is kind of interesting though, in bioinformatics is—and different than the other domains—is when you talk about data, it’s a function of time first and cost second.
So, they will run on less computational resources, so that they can, for example, not overspend their research grant, and wait longer for the results. And this has been really an interesting shift in my work because I used to work with FinTech and ad tech, where it’s all about, get it out there fast. And we don’t really care how much it costs, we just want it super fast. So, this continuum of time or money shifts by vertical. And that’s been something that—I don’t know, it’s kind of obvious, in hindsight, but I didn’t really expect until I got into the different domains.
Corey: It’s always been fascinating to me watching how different organizations and different organization types wind up have interacting with cost. I mean, I’ve been saying for a while now that cost and architecture are the same thing when it comes to cloud. What are your trade-offs? What are your constraints? In many venture-backed companies, it’s when you have a giant pile of other people’s money raring to go, and it’s a spend it and hit your milestone if you want to get another round of funding, or this has been an incredible journey Medium post in the making, then, yeah, okay, go ahead and make the result happen faster. Save money is not the first, second or third order of business as far as what you’re trying to achieve.
In academia, where everything’s grant powered. And it’s a question of, we need to be able to deliver, and we need to be able to show results and be able to go and play the game and understand the cultural context we’re operating in, and ideally get another grant next year, it completely shifts the balance of what needs to be prioritized and when. And I don’t think there’s been a lot of discussion around that because most cloud cost discussions inherently center around industry.
Lynn: They do and they focus on the industries where they’re willing to spend most. So, most of the reference examples are, they always prioritize for time and money is sort of unlimited. I’ll give you an example—this was from a few years back—some work I did with a research group in Australia, and again, it was a genomics example. They were running on-prem, and to do a single query, it took them 500 hours. And I was just like, “Are you kidding me?”
And they’re like, “Hey, cloud lady, what can you do?” Right? So, we gave two solutions, and the first solution was kind of a more of a lift-and-shift kind of a solution because they didn’t know anything about cloud. And it took a few hours. The second solution was what was in our opinion, super elegant, it was one of the earliest data lakes, it took minutes.
Well, it was a big hit to the ego that they adopted… the easier solution. But again, it’s a learning because another dimension about cloud architecture is usability. The FinTechs are like, “We’re going to get it really done fast; we’ll hire who we need to hire.” The biotechs, they can’t afford to hire who they need to hire because there all being hired by the FinTechs. So, you have these different dimensions you need to optimize for that aren’t really obvious if you just work in the industries that optimize for time.
Corey: And the thing that always gets overlooked is that in most environments, the people working on things are more expensive than the infrastructure themselves. And back when Lambda and all the serverless joy came out, my first iteration of lastweekinaws.com website was powered entirely by Lambda functions, S3, and other assorted bits of nonsense. Today, it’s on WordPress.
And it’s not because I think that is somehow the superior architecture from a purely technologist point of view, but because I have to find other people who aren’t me or one of the other six people in the world at the time who could stuff all that into their head and work on it effectively, should be able to make changes to the website. That is not something I need to be focusing on. There’s something to be said for going to where there’s a significant talent pool, rather than pushing the frontiers of innovation in areas that don’t directly benefit whatever it is your organization is targeting.
Lynn: Yeah, it’s really interesting, when Covid hit back in 2020—kind of an interesting little story here—one of my clients is the Broad Institute at MIT and Harvard—they’re a well-known research organization for, you know, cancer genomic datasets—they were tasked with pivoting their labs so that they could provide Covid testing capability. And I was a long-term contractor with them, so they brought me in for an architectural cloud consultant. I said, “This clearly is a serverless. I know you guys haven’t done this before, but this is going to be burstable, you don’t know how big this is going to need to go.” And then just to make life interesting, in the middle of the build of that, I was one of the first people in Minnesota to get Covid, so I actually wasn’t able to go and complete it, nor was I able to get a test because there weren’t tests.
I mean, you know, I can’t make this stuff up. I was in the ER saying, “Okay, is this the end of me, or can I go back and get you some tests?” [laugh]. So, it’s really kind of two things—kind of a weird story. And also, life situations will cause change, and so the Broad did launch that pipeline, and it was serving up to 10% of the Covid tests in the United States.
But they had never done anything serverlessly or had considered it before because they didn’t need to have that amount of change. It was really, again, a big thing when I came into human health. Prior to that, I was doing all serverless all the time. You know, I came into human health, and they were saying, “Okay, we’re going to have massive VMs.” And I was like, “No…” but you know, you have to meet the client where they are.
Corey: I think it’s the easiest thing in the world, particularly as a junior consultant—because you do not see senior consultants doing this ever, you know, after the first time—to walk into an environment, look around and have zero context into what’s going on—because you’re a consultant; you haven’t been there and say, “This is ridiculous. What fool built this?” Invariably, to said fool. Now, most people don’t show up in the morning hoping to do a terrible job at work today, so there are constraints that you are certainly not seeing. And maybe it was an offering wasn’t available that maybe they weren’t aware of it. Maybe there was a constraint that you’re not seeing.
But the best case is you’re right and you just made them feel terrible, which is not generally a great way to land more consulting projects. It’s always frustrating to me because even looking at a bill and having a pretty good idea of what’s going on, I always frame it as, “Can you help me understand why this is the case? Had you considered this, or is that not an option?” As opposed to categorically saying, well, this is not the way to do it. Because once you’re wrong when you’re delivering expertise, it takes a lot to build that back, if it’s even possible.
Lynn: Well, again, from human health because, you know, they were consuming the vendor information, they thought they wanted to learn how to use Kubernetes, but what they really needed to learn was how to do archiving to reduce their storage costs.
Corey: Yes. Kubernetes is a terrific solution for a bunch of problems and create several orders of magnitude more somewhere along the way. My somewhat accurate, somewhat snarky observation is that Kubernetes is great if your primary problem is you want to pretend you work at Google but didn’t pass their technical screen. I don’t really want to cosplay as a cloud provider myself, most days. That said, there are use cases for which it makes sense, but context is everything, and generally speaking, I don’t tend to follow a hype trend to figure out whether or not it’s going to solve my particular problem.
Lynn: Well, here’s the soundbite: “Kubernetes is today’s Hadoop.”
Corey: Oh, there are people who are not going to like that. I made a tweet, I think—
Lynn: Tough.
Corey: —three years ago now—
Lynn: It’s true. [laugh].
Corey: Oh, yeah. Tweet three years ago or so that said, “Hot take: In five years, nobody’s going to care about Kubernetes.” And I think I have a year or two left on that prediction. And what I said at the time was that not that it’s going to go away and not be anywhere—because enterprises do not move that quickly—but it’s no longer going to be the sort of thing that everyone is concerned about at a very high level. The Linux kernel has a bunch of aspects to it that we used to have to care about a fair bit. Now, a few people really, really need to care about those things; because of those folks’ hard work, the rest of us don’t have to think about it at all. And that is the nature of technology, in the fullness of time.
Lynn: Well, another way to think about it is Kubernetes is a C++. Certain people are going to be experts in it and need to, and that’s valid, right, but what percentage of developers code in C++. Like, ten? Five? You know, it’s kind of analogous, right?
So, it’s one of the signatures of my consultancy. You know, I’m this pragmatic midwesterner, and I love to say, “Look,”—like you said—“If you think you need this, you really need to understand the actual cost of it because it’s non-trivial on all clouds.” And I get to say that because I’m independent. You know, they’re doing solid work to abstract it into a higher-level implementation, but when I hear a customer say, “I need Kubernetes,” the burden of proof is on them [laugh] before I’m going to build that.
Corey: Speaking of hype-driven emerging technologies, you are arguably one of the few people on the planet I can have this conversation with, and I do not mean that as an insult other people operating in this space. For context, a couple of years ago, AWS launched Brakets—which they spelled Braket without a C because it’s Amazon and spelling is hard, presumably; I know, I know, there’s a reason behind it—and it is their service that enables you to get access to quantum computers the same way we get access to any other AWS service: Through a somewhat janky console and some APIs. And, okay, quantum computing. We’ve heard a lot about it forever; it always seemed a bit like science fiction and it was never really clearly articulated what kind of value it can solve for us.
So, “Aha, now it’s here. I don’t need to go and build or buy a quantum computer somewhere else.” And I tried using the Quickstart, and it turns out that the Hello World tutorial for quantum computing—at least to my mind—is basically an application for a PhD program at Berkeley. And I am not that type of academic for better or worse, so I kept smacking my head off of that and realizing, okay, whatever this is, is clearly not for me. You have been doing some deep dives in the quantum computing space, but as we’ve just mentioned, your day job is not, to my understanding, a college professor. You are a consultant, you run your own consultancy, solving data problems, particularly towards bioinformatics. What is the deal—to the layperson—of quantum computing these days?
Lynn: Well, yeah, like you, I was introduced years ago and tried to read the books, and I didn’t have the math and just, you know, saw it as a curiosity. Last year, I picked up a book from O’Reilly called Practical Quantum Computing, which of course, because the name was attractive to me. I read it, felt like I was getting a little bit more knowledge, implemented a learning JavaScript library with a browser-based editor—so zero-install—and it was a simulator, you couldn’t run it on actual QPUs. So, I decided to see if there’s any other interest in my tech community, and I got about five other developers and we ran a 15-week long book club because we all just wanted to move forward with our knowledge. Because there is this fundamental difference in the information you can get from a qubit versus a bit because a qubit can basically be, like, a globe, and so it has a superposition, and so you can have all the different mathematical points on the globe, versus a bit is on or off.
I mean, that’s intuitive, like, “Hey, I could get more information out of that.” So, the potential usages—it’s always been tech that leads the way—is on figuring out of what are called NP-hard or computationally complex problems, and, again, this is at the edge of my knowledge, but this is where bioinformatics is. I think of it in an oversimplified way, as [N by N by N by N, all by all by all 00:16:49]. We want to see all possible combinations of all possible inputs. So, for example, we can figure out which Covid drug we should try—which set of drugs we should try—and we want that as fast as possible.
So, I wanted to see, okay, you know, where’s this at? Plus, like you said, Amazon introduced Braket; when Amazon introduces something, then there’s some customers somewhere that are using it. I mean, that’s—you know, kind of pay attention to it now. So, as I was doing this book club, I investigated all the different cloud vendors and captured all that learning in a GitHub, and just recently recorded a LinkedIn Learning course. Which again, in the learning ladder is, if this is, you know, Hello World and this is actual implementation, it’s like right here.
But right here doesn’t exist. Like, there’s nothing there, so I tried to make something to say, okay, the Amazon Braket example, how does that actually work? What is a Hadamard Gate? Why do you care? What is amplification? How do you measure it? Like, what would you do with that? And so, you know, I tried to interpret some academic papers and do that learning layer in the middle to help move people towards productivity. Am I fully there? No. Did I move further? I hope so. Do you want to come along with me? Great.
Corey: You’ve done something, though, that I don’t think anyone else yet has when I had conversations with them about quantum computing, which is we all are shaped by our own needs and our own experiences when we interact with a cloud provider. To me, I, perhaps foolishly, took Amazon seriously when they called it Amazon Web Services. “Oh, okay. Clearly, this is going to be things to help me build websites and website accessories, more or less.” So, it’s always odd to me when I’ll see something like oh, and here’s our IoT solution that winds up powering a fleet of 10,000 robots, and I’m looking around my website going, “I don’t really have a problem that could be solved by the 10,000 robots. I have a bunch that could be made a lot worse.”
But it feels like it’s this orthogonal thing that is removed. But some areas, it’s okay. I can see the points of commonality and how you get there from here, and if I think really hard, I can do that with IoT stuff. For example, iRobot is a cloud-connected robot that talks to something that looks like a website and vacuums my house. Whereas with quantum computing, it always felt very isolated, very much an island as far as being connected to anything else that I can recognize. Bioinformatics research, as you describe it, well, yeah, I can see you get the bioinformatics research from web services. And now I can see how you can get to quantum computing through the bioinformatics side of things.
Lynn: Well, the other thing that really was useful for me, I am doing TensorFlow, finally. Took me a few years, but for neural networks. And so I am using, with some of my bioinformatics clients, acceleration with GPUs and TPUs, if I happen to be on Google because it’s a known thing that when you’re training a neural network, again, similar you have complexity, so you have a specialized chip, where you can offload some of the linear algebra onto that chip. So, you split the classic and the tensor portion, if you will, and you do computation on both sides. And so it’s not a huge leap to say, “Well, I’m not going to use a GPU, I’m going to use a QPU,” because you split. And that’s the way it actually works.
There’s actually a really interesting paper I put in my GitHub. It is a QCNN, and it is—that’s a Quantum Convolutional Neural Network that is used to analyze images of breast cancer. Because again, on the image, you can think of the pixels as what’s called a tensor, which is just vectors in multiple dimensions, you need the [all by all by all 00:20:17] again; that’s really how it goes in my head. You know, you have the globe of the qubit and you want to get the all possible combinations faster, so that you can analyze all combinations in the, in this case, the image. And they found, not only was it faster, it was more accurate. And that’s why I am interested in this.
Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.
Corey: The neat part is that this might be one of the first clear-cut stories where, “What could I use a quantum computer for?” And the answer isn’t something that’s forward-looking or theoretical. I mean, the obvious gag when you said reading about Practical Quantum Computing is that book is probably in pre-release, I would assume.
Lynn: [laugh].
Corey: But it’s a hard thing to solve for, and I do have the awareness that I am not an academic, academia has never been my friend, so I bias heavily for, “Well, can we use this to solve real-world problems slash make money?”—because industry—and academia focuses, ideally and aspirationally on the expansion of the limits of human knowledge. And sometimes it’s okay to do those things without an immediate, “Well, how can I turn a profit on it next quarter?” What a dismal, bleak society we have if that’s all that we wind up focusing on any given point in time.
Lynn: Yeah, that’s for sure.
Corey: Which, of course, sets us up for one other thing that’s a relatively recent change for you. You now have mentioned in your bio, which I believe is new since the last time we spoke, that you are an angel investor. And that is something that I recently found being applied to me as well after I made an investment in a startup that I was very excited about. I talked about in the show previously; it’s called Byte Check. But honestly, I didn’t realize that what I was doing was called angel investing until I read the press release because ‘strategic angel’ are two words that no one ever applies to me, particularly in that order. What happened? What are you doing these days?
Lynn: Well, I live in Minneapolis. So—and I moved there in 2019, so you know, my 2020 story is first I had Covid, got over that, and then I was there during the tragedy of George Floyd. So, I wanted to understand more about what were the root causes, and what I could do to make an impact in the recovery of my city. And I was really surprised to find that Minnesota is one of the most charitable states in the United States, it ranks one or two, but yet we have in the Twin Cities of Minneapolis and St. Paul, we have really unacceptable income inequality and poverty. So, something’s not working.
I’m a pretty charitable person; I always allocate a certain percentage of my money to charity, but I said, “I want to accelerate this.” So, at the same time, there was a new angel investment fund launched, it’s called Groove Capital, that was going to focus on women-owned and BIPOC businesses. And I thought, “Hmm, this seems good.”
Now, I was super intimidated because I lived in California for so many years, and check sizes in California, you just add a zero. And I thought, you know, “I don’t have generational wealth. This is my own money.” You know, I’m well-compensated, but I’m not loaded.
Corey: Yeah there’s a common trope right now that oh, angel investor is a polite way of saying I am rich—
Lynn: Right.
Corey: —but I rent my home at this point, living in San Francisco. It is, I am not exactly sitting here diving into a money bin out back, Scrooge McDuck-style either.
Lynn: Right. Well, I mean, you know, I’ll just be transparent about it. Like everybody else, or many people, I moved out of California because of the cost of doing business there and reduced my cost of living by 40% move into the Midwest, which is awesome. So anyway, I joined this fund, and it’s been just fantastic because I’ve listened to deals on my own and felt just like a complete, like, I don’t know what I’m doing. But I’m taking advantage—
Corey: How do you evaluate an idea that someone has that’s early-stage, barely better in some cases than back-of-an-envelope scrawlings?
Lynn: For sure, right. But what I found through the fund is I can contribute both money and time because, you know, I did this cloud expertise, and in addition to writing checks for a couple companies that I really believe in, for example, I got all these companies on the X cloud company for startups program. Because that wasn’t just a known thing in my ecosystem. I was like, “Why are you paying a cloud bill? You could be on the startup program for the first year.”
So, I’m impacting these new businesses with both my experience and my dollars, and I just really love it. I just really, really love it. And you know, the reasons I want to talk about it is because more people who have expertise in tech should do this because you can really, really be impactful. One of the companies that I invested in is called TurnSignl. They are coming to Los Angeles.
It was three attorneys and one of their brothers is a police officer. They wanted to de-escalate situations that happen with traffic stops. So, it’s a mobile app, where you push a button and you’re connected to an attorney. And they do training for the community and police officers, and the idea to record the conversation and to get an attorney involved to de-escalate and get everybody home safely. And that was my first investment and I’m—it’s going national, and I’m like, really, really—the kind of things I want to do you know.
Corey: It is simultaneously such a terrific idea and such a stunning indictment of the society that makes something like that necessary.
Lynn: Well, you know, we have to find practical solutions. We have to find ways forward.
Corey: Oh, please. Don’t interpret anything I’m saying a shade on that. It’s like, “Well, I wish the world were differently.” Yeah, I think most people do. But you have to deal for better or worse with the hand that you’re dealt, and this is, for better or worse, at the time of recording this, the society that we have, and finding the best path forward is often not easy.
But it beats just sitting here complaining about everything every day, and not doing anything to be part of that change. The surprising thing I learned as I went through it was that in many cases, the value of individual angel investors is not the check that they’re writing, that’s basically just almost a formality, on some level. It is the expertise, it is the insight into particular markets, and the rest. The part of what you’re saying that surprises me that I hadn’t really considered, but of course, it must exist, is the idea of angel funds. Is this generally run by an existing VC firm? Is it a group of like-minded friends who decide, ah, we’re going to just basically do the investing equivalent of a giving circle where everyone puts some money in the pot and then that decides where to go? How is it structured?
Lynn: Yeah, the way ours worked is you do pay a fee—it’s a small fee—to be part of it, and then they have people who vet deals for you. And then what I really like about it is the community aspect because just like in tech, when you’re learning something new in tech, you have community, same thing here. We have a Slack, we have a website for each deal, we have in-person meetups when Covid situation allows, and we have chosen to start by investing in Minnesota, although we’re going to, in fund two we’re going to invest in Upper Midwest. And for example, here’s something I would have never known. There’s an angel tax credit Minnesota, that for certain businesses, you can get a 25% tax credit. Which hey, do good, be good, get good. I would have never known about that, I would have never known how to do it. All my investments so far have qualified. Fantastic. My money goes further.
Corey: Yeah, it’s about well, what are you talking about worrying about taxes? That there’s about to be doing something good? Yeah, great. If you believe in a cause, take advantage of the tax code as written—I am not advocating tax fraud; pay every cent that you owe, let’s be serious here. They have no sense of humor about that—
Lynn: [laugh].
Corey: —and take advantage of that. That means you have additional money to do good with. I wish that more people had an awareness around that particular school of thought.
Lynn: Well, make your money go further, make your money effective.
Corey: Oh yes.
Lynn: Because like it or not, we run on money. We run on money. And so be smart, from everything where you shop to how you spend. That’s how we’re going to make change.
Corey: One last area I want to explore with you is that for a long time you’ve been working on, effectively, data pipelines and similar things in that space, tied to your consulting work. You are clearly skilled across all of the various cloud providers and even tieing into the expertise side of what you’re doing as an angel investor, you’ve always been a staunch advocate for, I guess we’ll call it doing security the right way. And I’ve always been tangentially related to security throughout the course of my career. And somewhat recently, I launched another day of my newsletter focused on security within AWS, for folks who are not themselves in the security space of what do you need to know. But so much of it comes down to the do the easy thing now, the right way to do it before you wind up having to do a whole bunch of damage control. And you’ve been advocating for that since before it was trendy to do so. I imagine you’re still somewhat passionate about that perspective.
Lynn: Well, I always like to say, you know, Werner Vogels doesn’t talk anything about tech; he just talks about, “Please use our security.” And I don’t blame him. I mean, you know, I joke that I am an AWS Community Hero because I made a bunch of YouTube videos about securing buckets. And that was, like, seven years ago and I just had a financial client, literally in November, and their buckets, you know, was made public because it was easy for the developer. I’m like, “Ugh, can we just do our foundations?”
I don’t know why it is not seen as a valuable skill. I mean, I’ve made craploads of money because people come after they have an incident, but you know, I wish we would be better. And I’m worried because as we start to get more and more of our health information in these big repositories—granted, we have some laws; yay, good—but it’s just not valued like coding up a new feature with node or something. And why not? I don’t understand.
So, I make all these educational resources: I make courses, I have GitHub repos, I have videos. You know, just do it. Plus the people who learned security. I mean, we are always in demand. I’m not a security professional, but I always do security kind of like as a courtesy. And people are like, “Oh, you know, you’re great. Oh, my friend needs you.” Dah-dah-dah… I mean, you’ll be working forever.
Corey: It feels like it’s aligned with cost in that it is almost a reactive function. You can spend all your time on it, but it’s not going to advance the state of your org further toward its stated goals. You’ve got to do it, but there’s also never really any ‘done’ there. It’s just easier for me on the cost side because I can very easily quantify the return on investment, whereas with security, it’s much more nebulous. And, of course, you wind up with the vendor—I’m going to call it what it is, in some cases—nonsense that is in this space, where, “Oh, you’re completely doomed, unless you buy their particular product.” You know, walk up or down the aisle at RSA a few times and your shopping cart is full. And great, are you more secure? You’re a lot more complex, but does this get you to a better outcome?
And it’s, I am so continually frustrated by all of these fancy whiz-bang solutions that are sort of going around the easy stuff—not easy, but it’s the baseline level of things: Secure your S3 buckets, or—for users themselves—it’s use a password manager that has a strong password on it, use it for everything, use MFA for the important things that you need to use, make sure your email is secure, don’t click random nonsense. There’s a whole separate pile of things. If I can click the wrong link in an email and it destroys my company, maybe it’s not me clicking that link in the email that’s the root problem here. Maybe there’s an entire security model revisitation that’s due. But I’m sorry, I will rant like a loon about the dismal state of security these days, if you let me, and you absolutely should not.
Lynn: Well, I would just entreat the audience, basic threat modeling is not complicated. It’s like cost modeling. It’s just a basic of having successful business on the cloud.
Corey: [sigh]. I wish the world work differently than it does, and yet here we are. Lynne, I really want to thank you for taking the time to come on the show a second time. If people want to learn more about what you’re up to and talk to you about anything we’ve discussed, what’s the best way to find you?
Lynn: So, if you can’t find me, you’re not looking. I have an internet-easy name. But two places that I’m pretty active: Twitter—just my name, @lynnlangit—and go to my GitHub. In particular, I have a learning cloud kind of meta-repository that has over 100 links to mostly free things on every cloud and just use them. Have at it, learn, be a practitioner, use the cloud more effectively.
Corey: And we will, of course, put links to that in the [show notes 00:32:25]. Thanks so much for coming back on. I really appreciate it.
Lynn: Thanks for having me. It’s been fun.
Corey: Lynn Langit, CEO of Lynn Langit Consulting, and oh so much more. I’m Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment talking about how security really isn’t that important, and right before you submit that comment accidentally type your banking password into the form, too.
Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Announcer: This has been a HumblePod production. Stay humble.
Join our newsletter
2021 Duckbill Group, LLC