 If I tried to list all of general Paul Nakasone's accomplishments and is over three decades of service to the nation, it would use up all our interview time so I'll just sum it up by saying that when it comes to national and cybersecurity he's been there and done that. His roles have ranged from command at the company battalion and brigade level to assignments in the US, Korea, Afghanistan and Iraq to finally serving as both commander of us cyber command and director of the National Security Agency since 2018 during what has been in arguably one of the most dynamic times and not just cybersecurity history but overall national security general thank you very much for joining us. Thanks Peter it's good to see you again. So, let's jump right in. As you come to the end of your time in military service. Can you take us through how it started and evolved what were some key lessons that you've learned along the way. Peter, I was commissioned through the ROTC program at the end of the Reagan administration so I enter an army as a career intelligence officer, really at the kind of the height of the Cold War. And what I see is, first of all, the demise the Soviet Union. I see the rise the Balkans, and then I'm at the Pentagon on 911. And I think I would characterize everything in my military experience pre 911 and post 911. And so, from the post 911, you know, opportunities like many of my peers to serve in Iraq and Afghanistan, but in 2007 I landed the National Security Agency to command a brigade. And I just happened to be at a time and a place where cyber is taking off. We've seen our experiences in Iraq, where we were able to bring signals intelligence to war fighters on the front end, and also seen in 2008, the penetration of our classified networks and so I'm there for the stand up of us cyber command so I guess a person that's been fairly lucky in their experiences through their career. Let's look at what's changed over that period of time. Let's break it down. What was the biggest change that you've seen within the military during that period. And then secondly, I'd like to ask you what's the biggest change in terms of the types of threats that you've been dealing with. Yeah, again I entered the military right after Goldwater nickels has been signed and I would tell you the dramatic change in our military is the ability to operate as a joint force. I come into a service, you know that's very parochial in the late 80s, but by the 90s we have learned the lesson that it is all about being joint. The idea that we're going to do things in the future is through a joint force, and my experiences in Korea and Iraq and Afghanistan reinforce this idea that if we're going to have success. It's going to be part of the joint force. And with that comes this realization that with the joint force, we're able to take this concept this tenant that we've always talked about intelligence driving operations, and actually make it, make it real. That's what we have done really since I would say since about 2005. So when you say make it real can you give a non classified example to illustrate that for us. I saw it specifically, you know, in 2006 2007 all the way in the mid 2000s in Iraq and Afghanistan when you had. Our special operations forces, and then our conventional forces take what is, you know, incredibly sensitive information from the National Security Agency, and be able to utilize that a series of missions where they're actually able to drive their operations one mission three missions five missions, sometimes multiple missions and a night. And this is not just on our very elite operators, but also on our conventional forces. So let's talk about that threat side of things and the change in it so over the course of your careers you laid out, you know, you went from having to think about the Warsaw Pact Soviet Army to then Iraq to then insurgents Taliban to now great power competition. So what's your thoughts about how it's not merely the way the threat has changed, but the way that you as a leader have to think about that threat. I think the last portion is really important Peter because this idea of critical thinking being dynamic in your thoughts is something I've seen very successful leaders do throughout my career. And I think that with really a bipolar world where we're all thinking about the folder gap. We transition to counter insurgency violent extremist organizations, and then we're coming back to great power competition where the lessons that you learn in the late 80s, suddenly are coming back in, you know, the mid 2000s. And from that I think that I would say is that, you know, your ability to understand, you know, what are your competitive advantages, how do you think differently about the threat that you apply our competitive advantages to the threat are what makes very successful leaders and obviously separates those that have been successful from those that have been less successful as well. So we've got some folks listening who were around for that lessons from the 80s and the Warsaw Pact that are coming back. What's a particular lesson that you see coming back from that period of a different kind of great power competition but there are some parallels. You know, we, we come back to deterrence right I mean deterrence is something we all studied. As we came into the military in the late 80s is something we practice. I think we, you know, lost a little bit of our operational knowledge of it, you know, as counter terrorism violent extremist organizations played out and now it's coming back I think what's different and way that I've seen it in cyberspace is it's not necessarily that are, you know, what we do have changed, but how we do it needs to change and so when we think about deterrence how do we use information differently how do we use intelligence differently, how do we use our technology different to, you know, be able to signal to our adversaries of our capabilities. So let's go into that area that is fundamentally different because you know literally it didn't exist back then which is having to develop cyber strategy so you've been part of doing this at both an organizational but also a national level. First, what do you see as the essential elements of cyber strategy. There were four different cyber strategies from our department 2011 2014 2018 and now the latest one that's coming out in the coming weeks. Really successful strategies first of all, are able to depict the strategic environment in which we are in. Okay, that's one of the things that's necessary for strategy, but the big piece that I think successful strategies have is being able to identify the one meaning that we're going to get to our ends, much more successful let me give you an example. I think 2018 is a watershed moment in terms of the way that the Department of Defense approaches cyber, everything up to that we were relatively passive. We'd have an intrusion we would lose data we would have an intruder in our networks and then we would go to to clean it up in 2018 we said, This is going to stop we are going to have a much more proactive approach. This is defend for this is an idea of operating outside the United States to be in constant contact with our adversaries to understand what's going on for us cyber command this is persistent engagement informing and acting. And so to your question is, you have to describe the strategic environment, but importantly, describe exactly the ways and the means that you're going to get after to make a difference in what the strategic environment is telling us today. So that's a really interesting that you've been there to witness and been part of the creation of multiple different strategies. So, I'd like to ask you to put on my professor hat I'd like to ask you to evaluate not the strategy itself, but how we build strategy. What does the US do well in terms of the building of strategy. And what do we need to up our game on when it comes to this building the process of developing strategy and cyberspace. The US military does very well at a doctrinal approach a methodology upon which we build a strategy. We've done this we have a doctrine that that identifies how we do it as army officers learn this in Leavenworth you learn this at the army war college. You learn this in your joint force training. It's very laid out I think we we write a lot of strategies. I think the challenge that I see with strategy right now is that we tend to be so siloed within the military that we forget that there's, you know, there's other means upon which we can accomplish our outcomes. How do we look differently at the interagency how do we look differently at the intelligence media how do we look differently at the private sector. These are all incredibly important in the environment in which we live today particularly in the domain in which I operate which is cyberspace. You're going to write a strategy you're not talking about the private sector, or you're not talking about international partners. What's the value of the strategy going to be I would say probably less than what you're hopeful and so I think the challenge that we have is we've got to think broadly about how we're going to bring different players into and make them a part of our strategy and ensure that we, you know, somehow incorporate their contributions or what we need from their contributions to be successful on our own ends. Thank you so you're at a important moment of transition, both for the nation but also for you personally. As you look back, what are you most proud of in your tenure at cyber command and the NSA. And in turn, are there any areas of unfinished business so to speak. Personally, I would go back to 2018 and it's a Russia small group. I'm proud of my confirmation hearings knowing that there's going to be a safe and successful election the midterms in 2018, or there's going to be a new commander and a new director of NSA. And so we got after it very quickly we brought together the best event is saying us cyber grant he said, Hey, this is our end, we're going to get a safe and successful election for the midterms in 2018. We kind of grew from that or a number of different ideas that set the course for us at both our agency in command. Things like hunt forward operations. You know today we've done 50 different operations 23 different countries 77 different networks with partners to hunt for adversaries. This is an idea that again that's, you know, akin to our defend for our persistent engagement. It also brings in this idea of the private sector. In the fall of 2018 we say, Hey, we found all this malware let's look at a, you know, a civilian company to see if they've ever seen this malware before so this private public partnership is actually demonstrated then. And so what grows from the Russia small group is, first of all, in the agency, this idea that we need a cybersecurity director and a year later we do that. What grows from that is that, Hey, what we are doing is not going to change we're going to do signals intelligence cybersecurity and cyber operations at both our agency in command. But the how is dramatically different we're going to operate in the unclassified space we're going to operate with public sector partners we are going to be able to publish things like cybersecurity advisories that we release to the nation in the world. This is different and this is all from the Russia small group. Let me talk a little bit unfinished business for us. I've talked about China as the generational challenge for our nation. Our current generation, our children, our children's children. It is a different nation in terms of the competition that we are experiencing now with China. As we look to the future, my sense is is that we will continue to have this very, very high level of competition. But if we want to ensure that the future is one where we're able to protect our homeland and continue to protect our allies and partners, we have to address the challenge that is China. The automatic information military economic power of this nation is different that we've ever experienced. In terms of the agency unfinished business for me is really focused on our people and the next five years we're going to hire half of our civilian workforce. We have to think differently about talent management. How do we onboard people how do we train people. How do we do hybrid work. How do we look at things like well being that is, you know, akin to what we saw what we needed during 2018. And then on the command side the unfinished business for us really is getting to sustain readiness, our optimal has increased dramatically. How do we take service like authorities and blend them into what we are doing and get the experiences of a force that is always ready and always able to continue to do multiple missions at one time. This is the unfinished business for us Peter. So I work in that space between both nonfiction but also sometimes fictional future so I'm going to ask your help. Can you paint a scene of what cybersecurity and cyber warfare will look like 10 years from now. What will be the same. What might be different. The same with what I think the same as I think success in the future will always go to the nation or the the activity that has the best people and are able to leverage the people and being able to apply those people in a manner that gets sufficiently to the end state that they're trying to reach that's not going to change I don't think that the nature of warfare is going to change in terms of being violent and bloody and incredibly challenging for a nation state. But here's what I think is going to change the fact that speed is going to change dramatically. We see it in our domain what was once weeks have become days what has become days have become hours in the future will be down to seconds in terms of what we're going to have to be able to process what we're going to have to be able to do. Secondly, my sense is that partnerships are going to change. If we are going to be successful, particularly the domain in which I operate cyberspace, we have to have a much broader range of partners. We have to partners that are not only within our government but within the private sector that are international partners that are academic partners that allow us to get after very very tough challenges in a very quick manner. And the last thing that I think is going to change is, is obviously I think we will see, you know, a continuing challenge with regards to how do we leverage the technology that is so quickly changing what we're doing whether or not it's artificial intelligence, machine learning, whether or not it's encryption, whether or not it's future quantum these are the things that we're going to have to master as first of all joint force, and then obviously as policymakers as well. You've been very generous with your time so I'd like to close by asking one last question that in many ways is, you know, behind the scenes for some in the audience, particularly those at the start of their careers. What are their advice that you would give to someone just entering the field of national and cybersecurity tips for for how to thrive in the way that you have. So I think I'd begin Peter with the idea that treat your treat your work as both as a profession, and as being a professional. And I think I've been the beneficiary of has been really a career of continued education. And whenever I was moving towards another rank or a new job it seemed like the service had sent me back to further training. This is part of being a professional and being a profession. I've also had the great fortune to work with incredible leaders, people that really set the tone, both in the policy making and also the operational force. A series of different folks on the joint force, a series of folks of army leaders, whether or not it's been Keith Alexander or Stan McChrystal, or others, they have really kind of shaped this idea of what a professional does and how they operate. The second pieces is that I've learned from my experiences that one of the key things that you have to bring to your work is passion. I mean, you get up in the morning and what you do matters and you feel as though what you do matters and you get excited to go to work. Obviously, some days you're more excited than others. But the key to success here is that find something to your passionate about. And when you find that passion, you know, continue to continue to look at being a professional and enhancing the profession. And the last thing I would share, and this is probably a bit parochial, but I think many with my experience would say the same thing. It comes back in many ways to small unit leadership. When you're a rising cadet, before you get commissioned, one of the things that they do is they teach you to be a small unit leader, a fire team leader, a squad leader. And those lessons have never really left me. Set the example, lead from the front, establish and maintain standards, being able to articulate guidance clearly, moral and physical courage. You know, it seemed like at the time when you're learning those things, okay, okay, I got it. But every single job, every single day that I spend here within the agency and command, I come back to the same principles. And so small unit leadership really was among the most essential things that I learned early in my career. General, thank you both for spending time with us today and also all that you've done for the nation and cyberspace itself. Appreciate it. Thanks, Peter.