Hi, everyone. Welcome to the Biohacking Village at DEF CON. This is our sixth year. I am Nina Alli. I am the executive director. This is my fifth year of running the village. Thank you for coming. I want to let you know that this year has been quite an adventure. It's been very similar to one of those choose your adventure books where it's just so many options and you're working through everything trying to make it all work. I decided last year that I was going to do the keynote, but I knew that I didn't want to do it myself. So what I have done is accumulated folks that I know, folks that I trust and people that have very strong expertise in their fields, and I talked to them. And I want you to know that I did not prep them for these interviews. I did not give them questions beforehand. Everything you see is raw emotion, raw gut reactions. And I think the information is really important, especially right now. And for the future of where we are going to go with healthcare and how we can secure it and make patient safety a priority. Thanks for watching.

Hey. Hey, how are you? I'm getting you. I'm okay.

So I brought you here because I want the biohacking community to see the people that I talked to, see who I engage with. See where where where my brain thoughts lie and who I talked to at three in the morning.

I met you three years ago. Jason Street gave us the introduction of Black Hat. And yes, I do remember everything. Good day. And then my drug got accepted home to own my own pacemaker by a hot village. We kind of just fell into a friendship, I think it was just instantaneous like a new my whole life. I remember like with my first talk we shared the key that I really needed it. And now three years later, we're still kicking ass, taking names and planning big things.

We became instant friends. And we have continuous dialogues at 3am Eastern, depending on times here between like eight and 9am your time. What are you working on right now?
Working on standardizing and defining shit. I'm slightly tired of us, you know, having this cookie-cutter approach to medical security and healthcare security, because let's face it. Yeah, this is not a Windows 10 machine or the standard endpoint we dealing with. But each one has a different way. So why are we making it harder on ourselves by not defining and standardizing. So that's my pet project is just to get the shot right to find it out. And let's understand what we're dealing with. Let's listen to the devices. Let's not do all the talking, let the data speak.

What's your call to action to the community?

I think the biggest thing I've realized is as a community, we can't work together, can't listen to diverse objective stories. So just because someone disagrees with you doesn't mean they're wrong or you wrong. I think the community as a whole, we should approach this not just about finding problems, we should be finding the solutions. So we should be the builders, the breakers and the pioneers going forward. But it takes a village, pun intended. Right. Yeah, I did it. I did a mom joke. We need to do better.

Shameless plug.

Hey, don't always see someone that's five foot nothing. It's not refined. It's not pretty. Right. I'm going to call it as I see it, but don't always take offense. It comes from a good place. And if you want someone to do log analysis. It is what I eat for breakfast, lunch and supper. I love logs. I love data. Because I believe we can't wait for something to happen and ask where's the data, where's the evidence. I want to build this shit in now. Because come 10 years I can turn around and say, hey, you claim you hacked this device. Well, motherfucker, you did not.

Who do you want to collaborate with?

Everyone. But I see it as a trifecta, right? It's this triangle. Engineering is awesome. And I'm geeking out on it. Because recently I got exposed to an MDM and I got to see the engineering pipeline, which led me to build parsers in Python.
I never thought I'd do because I was convinced the internet would blow up if I designed something. And I realize that we have a regulatory body. We have an MDM and we have researchers. And that's what's going to make the future better. These three elements working together to strengthen healthcare and medical security. But we shouldn't be imposing things that break healthcare or medical devices further. Because people like me, this one sitting here, I need this device. And if we make it so hard that manufacturers stop doing it, people like me won't have a second chance.

So I think you know me well enough that I'm going to throw random things at you. I can see your brain going.

I've been expecting it to bring it on.

What's your controversial opinion?

My controversial opinion is this. That imposing SBOMs into healthcare and expecting them to take on the manufacturer role is going to lead to it breaking. And the reason being is the manufacturer has the responsibility to ownership to maintain their shit, hold them better and keep them safe. But here's the thing. We're expecting hospitals to do this. COVID-19 came in worldwide globally, swept it, broke it. And this is something they're able to do. They're supposed to deal with viruses and pandemics. So if we make cybersecurity of medical devices their responsibility, we're expecting them to thrive in something they're not going to do. And they're not ready to do. So yes, SBOMs for manufacturers, how else brilliant on this should be doing this shit. It's manufacturing. This is not a hospital function.

As a biohacker that works in technology, how do you want to better integrate with regulatory folks, with political entities, with hospitals, etc.?

I just want to be given the opportunity to be heard and I want to listen. I want to listen to what they need to have done, what help they need. This is not a me against them. This is saying, let's put our brains together. One collective brain is not enough.
We need this diverse group. And this is why our stalking is so awesome. Because I never knew that patient records was as important as it is until we had the discussion and we had an argument. We had that, we disagreed. But the fact is, you showed the data, you brought the data and you changed my mind. And the thing is, we shouldn't be scared to be wrong. We should be acknowledging that, hey, this is not going to work or hey, we made a mistake. Because it takes a stronger entity to do that than trying to hide it. And that counts for MDMs, hackers, anyone. I have big enough balls to tell you if I was wrong. Because that's the person that I am. I own my shit.

How do you want to leave this? What's your message after this?

Together, we can change the world of healthcare and medical device security. Because we're dealing with a legacy of devices, an ocean full of them. 600,000 new implanted devices a year. They last 10 years at a minimum. That is a legacy that I don't want to see increase yearly. The time for change is now. Not yesterday, not tomorrow, now. Otherwise, we face legacy. It's going to come back and bite us in the ass. And patients like me won't have access to these devices. Because their first and foremost function is to keep us alive and give us clinical and healthcare related support. They're not there to be secure. I mean, for fuck's sake, if I have to tell the doctor, hold on, you need my username and password. We need my cryptographic keys. I'll be dead. I saw that. It's in a split second. So let's get this shit right. Let's do it now before legacy comes back and bites us in the ass.

What's your controversial opinion on recording as well? Seeing as you fucking throwing us all under the bus. What's your controversy?

Well played. My controversial opinion. Electronic medical records are not looked at by anyone and it's exhausting. You and I had this conversation. It's, it's everybody looks at medical devices because they're tangible.
There's something you can hold on to and you can pick up off of eBay and, you know, find a thing, but electronic medical records are hoarded so intensely. And they're not in a lot of legislature. They're not really defined. They are not medical devices. And because they're not medical devices, we don't necessarily, we, the group don't necessarily treat them well. But when you look at it, I can have a medical device that does one thing. It holds one source of information. Right. Like your heart pacemaker holds your heart information where the electronic medical record holds all of the information. When you look for that wealth of data, and I'm going to find this one thing is very specific, or I can find all of it. And that's what I've done. You, again, I did it for so long that when people say, like, this is the most important thing I'm like, yeah, but you're getting that information how there's so many links into this one small piece. And just no regard to it.

I think the problem is because we're not defining the surprise because that is like the ultimate gold mine. It's not necessarily a device, but it's a container that holds everything. Right. If those are the keys to the kingdom it's the ultimate.

Exactly. How did you happen, you can have the one thing you can have the pacemaker, but you need all of the other things to make an educated device, educated device, educated system there's educated decision. There's support built into this thing that will say this, you're going to give this person a defibrillator of some sort. Oh, by the way, did you know that this person, you can't give him this one because of whatever reason this is. There's, there's, it's a support system. It's, it's a container it does all the things now you've got me well that thank you. It's a treasure trove. That's what it is. I've done talks about this you can I can I can own your pacemaker and like, oh I got a thing. Oh, it's worth how much 50, 500.
I can own a hospital, because that's essentially what you're doing once you get the EMR, could you get into the EMR and get into everything else because it's all connected to the APIs, because whatever is going on, and it's just gone. And that's mind blowing to me.

But I mean the purpose of cyber crime right is about money. So what can I sell and what can I keep on selling and how can I get, you know, have persistence.

Exactly. I mean, it's the it's the product that you know for ever paying because everyone's going to want to have Oh, here because now I'm upset about life. They're not even connected. So, like, New York does not connect to DC which doesn't connect to Seattle which doesn't connect to anything. So, me as a human, I now have to regurgitate my whole life history of all the things that are right and wrong with me, because you don't know, I can make all of the things up. I can make so much information. Did you know that 18% of healthcare workers indicated that for the right price, they would sell their data.

Yeah, insider threat.

Right, we just over, we overlook it. And there's there's a print mechanism mechanism on these things. You just, you're good.

How do you feel about zero trust Nina, tell us how you really feel.

So, we currently work on least privilege, right. Least privilege is still an indication of trust. It's trust but verify in a way, not in healthcare, we shouldn't have that there's, this is, this is sanctified information. This is literally you in data form. And we're just like here it's fine go get it. We're cool. We trust you. You trust me because I work here but you don't know who I am as a person, you know that I have a certain skill set. But zero trust needs to be better incorporated. It needs to be incorporated better in technology and industry, generally, but healthcare needs it more because of the sensitivity and the specificity of the information.
You, you roll somebody up on their labs, and they're off by whatever number this is you can overdose them, you cannot do a thing you can treat them. You can give them the wrong blood. You, there's so many different options, you need to know that everything is is in their place. You need to know that you can get into things and you can't get into things and this is this is why the hierarchy is as such. And we're not doing that. Medical is so it's very flawed but it's also one of the last technologies to go live with any sort of tech and any sort of security, because we've had that cloak of, you know, we're cool we're good because we have the doctors and we know the things. And if I tell you that this is wrong and this is the medication you need you're going to trust me, because you don't have that information. And you're going to trust me because I'm giving you that information. It's the same thing. And we did that Hippocratic. I Am The Cavalry did that. Hippocratic oath of medical device manufacturers should have taken that Hippocratic oath. If you read down the article, I go further I said the hospitals need to also take that Hippocratic. Because that is your information that is them holding you in digital format. What is exactly. There is none. There is absolutely none. Like I think about me. You're sly. You knew this was going to happen. I didn't think this is going to be like. Oh my God, I should I should turn this you asshole. I should be like this is everybody grilling me about shit.

I love having a conversation and this is others voice. But I like the fact that, you know, we verify but never trust. I like that about zero trust. Because for long we've done trust but verify. But I mean, do you think I'm going to throw this out that a PT is above attaching a medical device or importing it into a code with operative and sending them into a hospital. So yeah, we shouldn't be trusting bring your own medical device. It should not be a thing.

I always love our chats.
I just want to show you. So you said from Rika's two sentences about you. What's your origin story?

Okay origin story prior FDA worked in medical devices and medical kind of measure for the FDA and currently working with chemical bio threat reduction agency.

Okay, so all those things that you just said, what's the most interesting thing that you're working on right now?

Most interesting and working on is using quantum dots to test for COVID antibodies. Just started working with the Aberdeen folks at the Chem Bio Center up there in Aberdeen. Hopefully we could start using quantum dots to test for other infectious disease and maybe explosives.

Okay, if you were going to rip the guts out of health care. What would that entail?

The data set.

Expand.

Um, I think over the last 50 years has been 95% European white males. I don't understand the term precision medicine, given the fact that we've been doing race based therapy for the last 60 years.

Okay, how are you going to do that. Are you going to rip this up. How are you going to change the paradigm?

Well, I thought about calling Dr Collins and NIH and tell him to stop funding all white male scientists but that might be a little bit above his pay grade. But I truly believe that we're going to have to start building data sets from the ground up scratch what's already there, because I think it's complete bullshit. We're called to action that all white male clinical studies be ended and then bring other folks in because traditionally there's been historic issues with people of color, not being particularly keen on signing the paper of a clinical trial.

So, how, how what is the best way to get those folks involved?

Well, the first thing is is take the bias out of the folks that's reviewing clinical trial or one.

Okay, so how are you going to take the bias out because that's ingrained now.
Yeah, that's so you know that the college is going to have to do a better job of hiring more African Americans minorities and women at the NIH because it starts there. And the socioeconomic bias that's already implanted when they look at the application, anything that refers to lack of diversity or diversity gets thrown in the trash.

Is that going to solve the problem in its entirety?

Again, some of the solving the problem and then I think you know what you'll start to see is that trust will come back minorities or trust other minorities to do study. I raised clinical trial enrollment at the Bronx VA just because I was African American, I was able to go into that house because they saw one African American guy in the entire psychiatry department at the Bronx VA their entire time they had veterans there was that had been going to that VA for 30 years that they've never seen an African American or minority scientists that asking them for their blood or asking them to do a sign up for a trial.

So I, from conversations with you you have a lot of opinions about the EUAs. So what's an away. What's your controversial opinion?

I mean I think I'm getting a little concerned, I think we're over about 25.

From our conversations you're a little more than a little concern.

Yeah, let's let's ratchet it up a little bit I think we're in the red, as far as these EUAs being approved because the confidence interval. That's required is 95%. We now have EUAs which is emergency use authorization for COVID testing as low as 65%. I mean, you don't have to be a mathematician see that's a that's a D on your report card. It's not even at a C level yet. And so these are tests that's being administered and given report thinking that individuals are not don't don't have COVID when there's almost a 40% chance that they do.

So what's the work around for it. So they get there 65 they get their D do they get extra credit do they is it.
I mean, honestly, I think they all should be taken off if they're not above 80%. I think we're about three months.

Who did that leave we're in a crisis right now.

Again, that's where I think America has kind of took the eye off the ball the last century or so. Right, we outsourced everything to China. That's the reason why we have slowness in testing now right we don't have enough swabs, we can't manufacture a stick with a piece of cotton on it. And so now what we've done is we've rushed out and have all these device companies make these EUAs that are charging $100. You take what 20 that almost three to four days to get a result back and oh oops, it's might be 65% accurate. So you fought either way.

So what's your shameless plug?

I mean, I mean, again, I think, understandably, there's only three that spent the 95%, I think they should go ahead and ramp up. The rest should be scratched unless they have significant data.

But how are they going to ramp up the, the, the production line is not here the supply chain is not here. Get out. We're America's viable answer when the whole world is in crisis.

Well, we're not responsible for the whole. And therefore I think, you know, what has happened is America is focused on bullshit. And, you know, now we can't even supply our own medical supplies. We can't supply our own API for pharmaceutical because we've outsourced 93% is in China and the drug manufacturing is in India. So somebody's going to have to take a hit on the chin for it, but it needs to start being American made products.

So if it's American made products, this also indicates that there's other things in the supply chain in that, in that just workflow in its entirety that needs to be changed if we have sent so many things off to China. They have different environmental protection laws, which means we would have to change them here. So this whole system needs to be recalibrated.
How long does that take what's the effort, what's the funding who needs to get involved?

I don't think it needs to be calibrated. I think it needs to be detonated. It needs to be start from scratch, because it's just not it's not it.

So that's a great we have the problem so you're bringing this up. So what's the solution?

Solution is I mean again we got to get back to manufacturing. That's, that's the solution. I mean, we've spent more money on Pokemon goes and other bullshit. We have not been able to shore up our supply chain right now we shut the borders down we are dead. We don't produce enough insulin we don't produce anything that is of necessity to us. However, we've spent so much money on other shit. I just don't see how we can sustain we are not able to sustain ourselves right now if we closed all our board.

We don't produce insulin on Puerto Rico in Puerto Rico, and that pushes over here, but we're still not addressing what I just said so you can detonate and that's fine. But you are still not creating a chain of you've destroyed this. What now?

I mean again, we have to rebuild that trust how do we rebuild the facilities and get the stuff to make these cotton swab. How do we get from a four day waiting period to a four hour a 24 hours around. Yeah, we got to shift the money I mean the money is being shifted big corporation.

Shift the mindset though first right. I don't necessarily think the money is the money is always the problem casuals everything around me correct but you have to change the mindset of those manufacturers of the people that that are in that chain to make the difference before the funding is even considered.

Yeah, but again going back to the individuals that's running those companies, they're not diverse, there's no inclusion and so they did to make these decisions that are not relevant to the diverse population that they say their medical devices to serve.

No we're talking about COVID we're still talking about the manufacturing.
Yeah, that's what we're talking about the manufacturing I mean again I name an African American that runs a large pharmaceutical company.

I'm not well versed in the pharmaceutical companies to be honest I'm better with my African American there was a medical device company a large valid now completely valid.

Again, that's when you talk about the mindset you have individuals that's running these particular industry that pretty much only have their interest in their group. Right. And so that's where you see with the pharma. Nobody thought that it was alarming that it's 95% European white males.

I think everybody did.

Yeah, but the ones that the go.

Absolutely yes, not everybody. Not everybody. Not everybody worried involved and we're like why can't I have that med I saw it on TV.

There you go.

So what's your shameless plug for you what's your shameless plug?

I mean again like I said I think for me is it needs to be understood that this is a systemic racial issue from the beginning. I don't know how to band aid fix it. So, the plug would be to re-engineer the way science is being done. How the scientists are being hired at the agency, because until you have diversity and inclusion, you're going to end up with another 50 years of white 95% European males in the drug trials trying to treat, it's not going to be the majority anymore in the next 10 years. What are we doing.

Your shameless plug is about you not fixing the system.

I mean, I don't have a shameless plug. I just, I just want to do good science and individuals that you know, I think what my big concern is. There's a lot of innovation going on that's not being acknowledged because of who's behind it. And I think what I've seen over my career is that we need to change that because again I think all you're seeing is these me-too products.
There's no innovation being done at the large companies money's been spent on R&D for absolutely nothing at all because I haven't seen any value add to a lot of these products, given the fact that is being done in a bubble by white males and white institutions.

Okay, thank you.

We met in Abu Dhabi on a plane and had extensive conversations about medicine because happenstance. You are a physician. What's your origin story?

So the work on what eventually became telehealth really began with a Facebook page. Back in like 2008, thought that the, the residents could benefit from having a professional Facebook page, and that, you know, is a good way to share information and can be used a little different way than kind of just the sharing pictures and family and friends aspect of it. But the professional societies hadn't really come around to it. So really my career changed with a slide from Queen Elizabeth. Because when I, when I showed Queen Elizabeth's Facebook page, and that we were not, you know, adopting to new technology, even at the speed of Queen Elizabeth. I really do think that that was persuasive. So I think, while I have been given a fair amount of credit for kind of ushering ACOG into social media. A lot of it was was Queen Elizabeth's influence. The work on social media began really with a legislative interest to kind of share stories and new legislative items that were coming up and to kind of get, get awareness in a way that was a little more fun and socially engaging. That pretty quickly transitioned from social media to anything that engaged with apps on your phone. And while they are very different, you know, it's different to have an app on your phone that say is a as a step counter from having a social media profile. There's enough of a connection through the mobile devices that social media and mobile media, you know, overlapped.
And I was doing my health policy training at the University of Pennsylvania, where they, they very astutely had formed the social media and health app. So I joined them and that was really the professional intersection of studying the big data and the new types of metrics we get from things like Twitter, like tracking flu season by tweets and those kinds of studies. And from there, you know, it really has been just kind of series of, of progressions where, where you go from tracking health information via Twitter to health information via a wearable device, which, you know, has at least a commonality of connecting through apps. And ultimately kind of landed where we are now, which, which is a version of telehealth that is very different from social media profiles, but relies on things that, that, you know, engage through wearable devices patient generated data app connections. And then like what we're doing here, which has become routine in COVID era, which is the virtual visits. And, and obviously it's exploding right now so that's that's kind of a brief synopsis of how I went from talking about Queen Elizabeth's Facebook page to doing virtual visits around the clock.

So you gave an acronym and I'm not sure people know what it is so what's ACOG?

Yeah, ACOG is the American College of Obstetricians and Gynecologists.

I want to dive into that because that's the kind of physician you are correct you deliver babies you take care of moms.

Right so I'm a board certified OB-GYN and the chair of telehealth for for the professional society ACOG.

Perfect. So, I think a lot of people when they think of going to the hospital now because of COVID they're going in for tests, and they're going in because they have COVID. But the one surgical suite that stayed open the whole time, or at least generality stayed open the whole time was yours. So, can you talk about what, what happened what changed during the COVID. Just get into that.
As with everything it has been a series of moving targets and adaptions and adapting to maybe an overreaction. So, a lot of it has, you know, changed but the overall essence of it was the, the obvious necessity for still having inpatient care. So, the recommendation has always been to come and receive your maternal care in a hospital whether it's delivery or triage evaluation management blood pressure. It's not recommending going outside the hospital. And to make that as safe as possible there were a number of new, new protocols, some just limited who could be in the hospital. So, a lot of it was keeping it to be being just the patient and maybe one support person, which would often be say a spouse or a family member. The recommendation before COVID would have been to have multiple support people either multiple family members, or a doula, or, or someone, you know, like that. So that that initially changed and there are some, you know, unfortunately, kind of rigid policies that that did change the birth experience and definitely change the postpartum experience. So it's gotten better at rapid testing and symptom screening and, and mask wearing and PPE. Those have become a little more lenient, but there still is an emphasis on getting patients in and out of the hospital as quickly as possible. So, so going home on day one after vaginal delivery, or day two after a C section would be accelerated in normal situations but it has kind of become routine right now. So the whole the whole testing element where if you test positive, there is a whole other kind of precautionary protocol that they get put into place and it does mean wearing more masks than you're probably used to for the patient definitely means more PPE for the providers. So it looks like a much more kind of medicalized version of the delivery, which, you know, is is kind of is is the safest thing we have right now.

We talked about social media and the way that it's working into better patient care.
Are you familiar that the FDA is working on something like that that they're bringing in all of that. Can you speak to a little bit?

So, so yeah, I can speak. I'm not I'm not part of that personally.

So that a call to action that you want to express. I may be expressing that for you.

It's definitely a call to action in that we need these kind of bi directional flow of information, you know, we need patients who can more directly interact with with decision makers and with with people who are making the health policies. It's a little bit different I think than the initiative you're talking about but one of the most effective waivers during this COVID era was the allowance of different devices. So that everybody can access virtual health, even if they don't have some of the infrastructure that that's not available in all communities and examples that would be like Skype FaceTime. So there's most communities now, whatever whatever the resource setting is, do have access to cell phones and enough either Bluetooth or internet that they could do a FaceTime visit or or Skype visit.

So what kind of, what kind of interactions have you had with the security the security researcher community and are you are you getting into that realm are you in that realm?

Wading in we're probably about knee deep right now. So there's there's definitely an adult adult swim deep into this that we have not gone into, but, but even in the shallow waters it's it's been very enlightening, because what what we want to see happen with this telehealth is the best kind of transition from optimizing the benefits without falling prey to the pitfalls. And we know with any new technology that those pitfalls are there, often unintended. So, you know, kind of a classic example would be any scientific discovery that at an extreme became very dangerous, you know, nuclear nuclear fission comes to mind.
So when it comes to Facebook and social media I think the extreme of that in the negative is pretty obvious right now with all of the misinformation, and all the ways that social media can negatively influence public perception of pseudoscience or influence elections. And what we want to do is harness the power of these things, because social media has also enabled Black Lives Matter and the Me Too movement, you know we we want to maximize the good and minimize the bad. And we're learning right now what are the, you know, to switch now just for a second in vehicle safety, you know what what are the anti-lock brakes and seatbelts and air traffic control of telehealth. And for example, in the kind of entry level interaction I've had with the cybersecurity community, we, we don't have much training on the physician side. So, you know, when a doctor is talking about a device that might be beneficial to a patient say like remote blood pressure device, they probably, you know, genuinely just don't have a lot of training or information about the nuts and bolts of how that works and how safe the data is. They know to ask about it they know to be concerned about it, but they don't have like the deeper level understanding. So that's an example of how, you know, data privacy is is totally intimately intertwined with this. And doctors do questions about it.

So, I have two things for you. This year at the Biohacking Village. Andrea Downing is talking about disinformation on social media, and you should also have a conversation with Dr Christian Dameff and listen to his panel and Do No Harm I can send you those links after. And the last thing I want from you is how can we as a community the hacker community cybersecurity community help you and whatever next step it takes to get mid-size into that water.
Yeah, well exactly what you just proposed I think we need a lot of these cross disciplinary conferences I think we need to be going to each other's lectures and and learning each other's worlds a little bit first and then finding out all the intersections. I do think ultimately, there's going to be a role for a lot of these conversations take place outside the patient doctor encounter. It's it's, it's already such a short time we have to talk to patients about the things that were that were trained in extensively, to get health of the patient right in front of us to then dive into really complex topics about cybersecurity and patient generated data and where that data sits and how protected it is. Not only is it maybe beyond the scope of our time limits, it might be on the scope of our expertise. We're finding a way that we can get patients the answers those questions and get a well informed citizenry of doctors to feel comfortable enough that they can confidently recommend the devices without having to get into all the deep weeds or deep deep end of the pool about exactly how it works you know finding the trusted sources to say, I don't know exactly how it works but these guys do and we trust them and so that here's here's your kind of safety safety measures. So if we get another plug, make doer is working on a cybersecurity informed consent project that would help patients and help you folks get that information to them. So this is the last question, what is your shameless plug for this conversation. Your shameless plug is to have a post COVID world that looks a lot like the current waivers and adaptations. So it doesn't mean that we have to continue all visits via Skype or FaceTime, for example, you know, even among the doctors, most have moved away from that already they use things that have a compliant. 
So that's not the waiver that we're looking for, but, but we do need a lot of these other waivers to continue we need doctors to see patients without for example a prior existing patient doctor relationship, we can establish that for the first time, virtually, we really need the cross state lines flexibility. A totally shameless plug would be to have something akin to a national medical license, where if you're licensed in one state you can practice anywhere, the same way that you can prescribe anywhere in the United States with the DEA number, or you can drive anywhere in the United States with the driver's license. We need we need payers to continue to fund this. They've been doing a, you know, admirable job adapting to the current climate, we need that to continue. And in we need the we need the people using it right now to be open to still some reining in of all the new technology. In other words, we know that things like virtual visits and on online care are still prone to overuse and fraud and all the things that in person care is prone to. So, while I'm calling for many of the waivers to stay in place and not be reenacted, we will need some new things that come in, and we need to be open to those we can continue to use it safely. So much. Thank you. Hey girl hey. Hey girl hey hey hey. This is Najla Lindsay. She is on the board with us. She helps us do the things and accomplish all the things that you're about to experience. I have questions. I may have some answers Nina, I may have some answers for you. Are you ready. Gonna get into it. So, what's your origin story to three sentences. I'm a forensic scientist lover, wine lover, and I am here to share forensic science and information security is hand in hand that's just that's the bottom line. They are lifetime lovers and part time friends right now and I need them to be full time friends as well as, as well as the lifetime lovers. So that's, that's it in a nutshell. 
It's a shameless plug, but you clearly already got this because that was the title of your talk for last year so hashtag, go to YouTube. You're up and coming as a researcher, you're doing all the things. What do you need from our community to help you get to that next level, because if anybody follows you on the Twitters, you just, it's all the time every day doing the things. How can we help you. How can you help me, you know, share, you know the resources that I share share things that I'm doing with the community and reach out to me I'm always open to have a discussion I'm always open to learn something new. I don't know everything. And I think that the community is full of experts and people that know so much that there needs to be a bridge to, you know, career transitioners like myself. And, you know, recent graduates, and you know the people that have been in the industry for years. So I'm always willing to have a conversation, talk to you. I'm sharing my resources and, you know, just be genuine and in your reach as well. Because it's no sense in being fake with me I'm not fake with anybody, just be genuine in your reach and reach out to me talk to me and teach me something new. You talked about your forensic science work. How do you see the overlap of DFIR science security technology healthcare. It's, it's all intertwined. And I like to tell people that, you know, a lot of people that are currently studying digital forensics, they don't know that that's actually a branch in a discipline in forensic science. And once people learn and actually take into into their work that this is from a scientific discipline, what you do in digital forensics can go to court. Like you can testify based on what evidence you have processed what evidence you have found what story you're telling. 
And that could be a make or break for someone you can wind up putting someone in jail, or you can wind up freeing someone and exonerating them from a crime that they've probably been in jail for for years. And so I always like to remind people that they are together, whether you like it or not. And I think that people forget that you have to take the scientific approach to a lot of things. That scientific method, we didn't learn that just to learn it. We learned it because it actually applies, you have a hypothesis, and you have to test it out, not just once, not twice, various times. And with various people because what I get when I do it will be a different result and can be a different result from what you get. And it doesn't hurt to share the information, you're not going to lose anything by sharing what you learn. And I think that it's all is it's will forever be intertwined as digital forensics gets more popular because that's also taking the turn and being the talk of the town of cybersecurity information security. I think it's important that people remember or know just even learn that this is a part of forensic science. This is a science discipline. And the more you think methodically about it, the better you will be as a practitioner in the field. And that's either as a researcher or if you're working full time as well. So, not a lot of people consider digital forensics in health care, because there are no laws surrounding it. If something goes wrong, you reimage it, you keep moving, you keep going. How do you see the transition happening? Is it happening? Is it going to happen? What do you see the future? So with health care, like, I find that they're always at least five to 10 years behind on making the transition to updated technology just in general, like just switching to have Windows 10 on all of their computer systems in the hospital can sometimes take much longer than you think organizations or government organizations. 
And so I think that the health care industry is still catching up, right? You know, health care, you know, a lot of people didn't think about, oh, I have to worry about securing this device and making sure someone tripped it and increase, you know, let's say you take insulin, you have insulin pump and increase my insulin pump or, you know, mess with the anesthesiologist who is very important during surgery because one wrong dose can kill somebody. So your hospital to go down and your anesthesiology equipment is on the network and somebody decides to play with it, you're just completely out of luck. So I think that as more people are aware of, you know, the biohacking village as more people aware of, you know, health care and medical device security and how important that it is to think about security at the beginning and not the after effect. When people will start to realize, oh crap, we actually have to take care of this. And I think when it manufacturers, there's a couple manufacturers that I know that they started implementing on their websites where you can learn about stuff that has issues. And so they want to make sure that the community is aware so that, you know, they're doing they have their methods to build in and make sure that everything works better. And I think the more that people actually have conversations because as much as as big and as much as cybersecurity is, they don't talk to each other, like people within the industry and the organizations don't talk to each other. It's like a hush hush thing. And I just feel like this is actually the same thing in forensic science too. But I think that the more that you talk the better we can come together and the better we can build these, you know, these instruments and these medical devices because that's the way we're going to make healthcare better for everyone. It's not about, oh, you get access to healthcare and you don't. 
You have to think security at the forefront and not at the, at the end of it because it actually costs you more when you think about it at the end versus with it in mind as you're doing it. So it's all intertwined, all of it. So, in recent history, you were part of Share the Mic in cybersecurity. Oh, yeah. What was, what was that like, what were the outcomes. Um, that was like one of the best things that I've ever been a part of. Um, and, you know, when I got paired with Rachel Tobac of WISP, you know, I had known of Rachel I hadn't really talked to her as much but I had known of Rachel because I wind up being able to receive a WISP scholarship last year for DEF CON. So that was very helpful in the attending DEF CON. And on top of that, we just clicked instantly. I learned so much about her. And we put a plan together. We put a plan because, because you're on Twitter. You're not necessarily doing videos. It's a tweet and you put together some tweets, we put together some tweets. We put together an action plan and just talked about, you know, what it is that I'm trying to do what it is that you're looking for. What are the certifications that you're doing and all of the like. And so we put it together. Thursday night, everything was set. And then Friday, everything I was at work. I still work in my forensic science industry. So I was at work when all of this was going on but I knew what the tweets were because we talked through them and we worked through them. I wanted, you know, funding for my certifications. And I wanted to attend the SANS class and we know, you know, SANS has been looked at as like one of the main industry certifications to achieve and attend that class. And so I was fortunate to be able to receive a full scholarship to attend one of their classes. 
I was fortunate to be able to get all of my certification certification calls covered, and then they wind up covering all of the black site for security professionals, certifications and trainings, and to, to still, you know, make that, you know, hey, I'm going to go get all of these people, make that the forefront and say hey, I'm, I want these people to progress. I want these people to win. I think that that was amazing. It felt amazing and I was elated all day at work. I was on my, I was just so elated at work and they couldn't even tell me there's like, are you okay I'm like, I'm not sure, but I'm here and I'm going to get my work done. So amazing. And then later on in the day Rachel and I actually went live on Periscope and we had a discussion about, you know, you know, being black in the industry. And what it is that people can do to help black cyber security professionals. And so that whole day was just full of adrenaline and full of, you know, happiness and gratitude. Using their platform to promote other people voices that don't typically have a voice. So I loved it. And Rachel and I are still building our relationship in the background and learning about each other and things like that and I think all of the participants are also doing that. So it was, it was amazing. I hope that it continues to grow into something much larger. Going forward. How can the biohacking village participate or do better with it. You, as a biohacking village, I think that you have to make a conscious effort. And then to some people it looks, it may look like you're being biased, because you may focus on underrepresented minorities or things like that. And I think a good way because normally the biohacking village just does an event during DEF CON right. I think that, you know, during the year, you know, after you know a couple months later down the line do do. Are you secret dropping? You got to cut this out. No, I'm just telling you what I think. 
I'm just telling you these that I think that will be helpful, you know, maybe start a partnership or a mentor program with, you know, some people get people involved in in it and promote it, you know, consistently. You know, especially during cybersecurity awareness month everybody participates in that right, like last year I did that I was dropping random tips of the day, like, and doing that. I think that the more that people learn that the biohacking village is out there, the more that people will want to participate and know about, you know, health care and medical device security. I think that is, you know, keep, you know, tweeting and sharing, you know, information and reaching out and being personable. I think that's all going to do a world of good as we continue to grow because I'm not going anywhere. I mean, you're stuck with me just so you know. I was never letting you go. Okay, just so we're clear here. I was never an option. Okay. So, what's your controversial opinion? Oh, um, Wow, you trip me up here. Good one, actually. Um, my controversial opinion is that I, I see, I see people being performative on making sure that black people get heard in industry. But it means nothing because you're not actually doing anything and I can see right through you pretending to do anything. And I think that, you know, even with Share the Mic in Cyber is, I feel like it'll be a moment in time for some people and for a lot of people, because you have the same type of people at the top of the industry. And they have a lot of say, and it in the industry follows a lot of what those top people say. So I think sometimes, you know, doing all of this and making sure that, you know, people get heard. Let's check back around wintertime and see what's been happening, because I know, or I feel that stuff's not going to look the same. So what's your controversial opinion? What's your call to arms? My call to arms is, don't talk about it be about it. Go make for the next. 
Listen, we're in Rona. It's Rona, you're like, it's Corona virus. Most states, most countries are locked down. Reach out to somebody in the industry, not a white person, not, no, no, no, not a white person, not a white male, not a white female. Somebody that does not look like you that you've never actually talked to either, because you can tend to have a bias against the people that you've already know. And you just choose that because that's your comfort zone. No, no, no, no, no, we want you out of your comfort zone. We want you to be held accountable for your thoughts, your feelings and your words and your actions. Reach out to somebody, a black person, a Latino person, an Asian person, somebody not related to you in any way fashion form that you've never talked to, and get to know them genuinely. And don't expect anything in return. Nothing. I mean, not an ounce of nothing. And see what happens to yourself as you choose to develop a relationship with someone with no transactional expectations. What happens to yourself, not for them for you, because I can guarantee you when you start to do stuff without expecting anything in return, you feel good. And you realize that the stuff and the values and the beliefs that you have now, they can change. They don't have to be there for the rest of your life. And your life's not going to end because you've changed a value or belief. It's not going to end. It's only going to get better. And if, if it don't get better. I'm sorry, you're not growing and you're going to be stuck. So choose somebody you've never talked to go on LinkedIn, LinkedIn is the place of people just, I feel like they just Google and just reach out to people. Go on LinkedIn, check Twitter, check hashtags, go on the air, go talk to someone, build a genuine relationship, find out about them, reach out and take it from here. Commit to it for the next six months. I'll make it easy. 
I won't even say a year for the next six months into the new year actually it's five let's make it into January 2020 and see what happens. Reach out to me on Twitter and tell me what happened when you did this because I would like to know. I love that. That's it. I love the passion you bring to pretty much every single conversation. Let's do it. Thank you. So fun fact about this quarantine is cannibal and I started cooking together on the weekends. Three hour time difference. This is Mexican. I'm Puerto Rican. We started making dishes from each other's cultures. It opened up our eyes we're like super homies now it's amazing. It is probably one of the best friendships I have ever cultivated. And thank you for being on here. So, quick, just to get to know you question. I have two lines one minute. What's your origin story. All right, origin story. It's going to be a little bit more than two lines. But I started out in the medical industry this was 12 ish years ago for medical device manufacturer. And it's kind of how I got into medical and how I got into security where I was brought in actually more of a support role. And I noticed that hey, these these devices aren't being patched. Nobody's really taking a lead on this. So I just started doing it on top of my other stuff. And that was kind of it at one point it started rolling up into a, oh, hey, hospitals are starting to get hit with ransomware. This is kind of a big deal. I'm like, yeah, I've been doing this for years because you guys didn't care about it. Perfect segue. So you've been around the industry for a super long time. So you've seen it go from healthcare instantiation with technology and security to where we are now. What are the biggest differences you see and how much do we still have to go. There is still so much work that needs to be done. So so much work. I think people are more aware. 
I'm talking about a populist standpoint, not so much the medical industry, but people are more aware of their data, the sensitivity of things and that security is important, especially on devices that are connected to people, or are, or those people are relying on those devices for their safety and their well being. Things were a mess. They're still a mess, but not as much of a mess. I think a lot of it has to do with one of the things is the regulations HIPAA. There's not enough their, their hearts in the right place, but they have no way of enforcing it the claws have no teeth claws have no teeth. That's kind of funny because it sounds like it's a cat. Right. So I'm going to, I'm going to bend you on that. Okay. What would give healthcare policy makers regulators more teeth. How do they end just an extension of that. So then how do they engage more with the sec community hackers to make this better. How would you engage by these people. Yes. So that's kind of a, if there's no quick, easy answer to it, unfortunately, but this isn't a new issue. We've, we've known about this for a really long time. It's one of those things where if we, if something were just started now in, in five, six years from now, we could look back and say, Oh, yeah, we still don't have a great plan, but there's something there's, there's at least this momentum that we can build off of getting some sort of enforce enforcement policy in place. And that usually comes with auditors or someone that would like basically go to each hospital. Some sort of government funding would be helpful because a lot of the hospitals, a lot of people think that hospitals are making money hand over fist because of how much they cost, but they're just, they're trying to break even. A lot of hospitals are running in the red. And, and they really don't have money. A lot of them don't even have IT staff. A lot of them outsource their IT. 
And it's one of those things where the doctor will call up and say, Hey, I want to be able to check my, my, you know, x-rays or whatever from home, punch this hole through the firewall so I can, I can get access to my machines. Having some sort of standardized IT policy for hospitals that the government can say, Hey, here's a framework, you can either use this or use your own but you got to use something. And that, that would be a huge step forward just having some sort of basic guideline so that the hospitals aren't fumbling around in the dark trying to figure this out. Newer hospitals tend to be better, but there's so many old hospitals that are just kind of like cobbling things on as they go. Most, most hospitals. What's that? Working with those legacy devices that they have to continue to integrate and continue to protect with the other things that are coming in. Right. A lot of hospitals, especially on the East Coast have been around since before computers were even a thing. So they're, they're, yeah, right. It's crazy. Technology. A lot of them are like, how do I use this fax machine? I almost think that person was like, what do you mean about you talk about New York specifically? Yeah, especially New York. No, it's actually true, right? So you're not in healthcare anymore, right? No, I am no longer in healthcare. I've been out for maybe three or four years. So I don't know if you want to talk about the industry you're in, but how does that industry, how can that industry that you're currently in influence what healthcare is doing? So I'm a threat hunter red team for local government. And just, just having so my, my issue with, with that type of work is the hospitals just need to just need the basics. You know, it's great that these devices on the user side have 2FA or MFA usually three forms of authentication in order to like be able to pull meds or, or change access to a patient's record. 
But on the admin side of things, a lot of those don't have multi factor authentication. It's single auth. It's great that the users have to do this, but the admins don't. The, the technical side of things is just like it's just oftentimes a reused password across the, across the vendor. And I mean pick your vendor a lot of pretty much all of them have it. So what's your call to action for healthcare, or the hacker community, whoever. So many things. There's so many things of like one of them is just like education. Get educated on, on, you know, what hospital you're going to, what, what standards do they have what, what equipment do they use, ask them, you know, how is my information going to be used as a patient. This is a patient as a patient as a hospital. It'd be one of those things of like, yeah, holding your vendor a little bit more accountable as to what equipment they're putting on your network. So many of them basically say, Hey, we're on your network, it's up to you to protect this equipment, not we're going to harden this stuff because, you know, because we don't know what's there. And, and every hospital is different. There's no standardized network for hospitals. I, I keep kind of going back to the whole standardized policy thing of this is a basic framework. You're welcome to modify this as much as you want. But these are the basics, you need to, you know, be able to segment off some of this equipment, or have a standardized 2FA or MFA policy for your internal staff and admins. And if you're not going to have your on-site IT, these are the rules they have to play by. So what if it's a baseline where people just have to meet this very small criteria and two, and then from there they can build up but they cannot go below. Right. Who would, who would be the, the organizing body to lead that or who would be involved in that. That would seem like it'd be kind of fall onto the FDA. 
And there's, they have some stuff, but it doesn't really call out a basic framework or some sort of structure that hospitals can can fall back on if they have these questions that are going unanswered. So, we're almost out of time. What's your shameless plug. Just get angry, get, get informed and like realize how like how poorly everything has been there. Like this is this none of this is new, we've we've been talking about this for 10 years, and very little has been done. One, one thing I will plug is if you look up the HHS breach report. Whenever there's a breach, it has to be notified, it has to be reported, and you can go and you can read these reports. And you can see is like, oh look, 10,000 records just got breached or this other, you know, CVS got breached there was one recently I think within the last week for CVS in one specific area and it's one of those things where it's like, I feel like nobody's really looking at this. This is networked right, you can go to CVS and pick up your meds. So it's not just a singular, a singular one area that got hit is if you go to Google and you just search for the HHS breach report. That's hotel hotel Sierra breach report. It'll take you to a page and you scroll down and you look for breaches greater than 500 or less than 500. But there's a way to display them both for what I mean to .gov site so at least you're getting something this. So the one I was just talking about is the CVS pharmacy. And that's 21,000 records, or not even records but individuals. The next one down is 25,000 the one below that for University of Utah is 10,000. 78,000 for the NCP healthcare management company. These are all within the last, you know, seven to 10 days. This is a lot and it just it just scrolls every every day or every few days there's just another one and another one and another one. And I feel like not enough people are looking at the breach report. If you get enough people you get enough eyes on this report. 
It kind of paints a picture of this is a really big issue. And if if we just followed some basic practices. It could really prevent this if and it also shows you the location and the type of breach, you know, hacking/IT incident, hacking/IT incident, unauthorized access or disclosure. Those are the ones that you see the most the the one at the very top for Walgreens is theft but and and the one below it is loss as well. But I mean those are those are all preventable things. These are, these are the things that that can be mitigated. Just a very basic framework of how to handle passwords 2FA has to be required for not just the medical staff like the the RNs getting the meds out of the machine, but the techs servicing the machines and and the vendor companies that are putting this equipment in the hospital should have some degree of accountability for what they're introducing to the network. We're going to see each other later because it's Friday for us and so here for later. Thanks. Later. Hi. So, Sri. Hi, how are you. Good. Thank you. How are you. I'm good. So, tell us about yourself where do you work and a little bit about your origin story. Sure. Yes. I've been working on controlling pandemics. Since the Ebola epidemic. I got pulled into that by complete by almost by accident. I was at a conference TEDMED that looked at looking at all kinds of medical topics but just a few days before that the Ebola crisis was was escalating and the CDC director had a press conference saying this is the worst epidemic of his career since the AIDS epidemic and then so it was like, oh, wow, if the CDC doesn't have things under control and things must be pretty bad. So, although we were, you know, we're having drinks at the city hall in San Francisco for the at the conference. It was very hard to relax because we were thinking about, well, what's happening with the Ebola as the whole rest of the world was worried about. 
So, I happened to meet my gentleman who became my co-author. He was a Harvard public health school professor. And it turns out I just was, I just happened to randomly meet him there and started, he told me he had a lot of experience with Ebola in, sorry, with health public health in West Africa and East Africa and India and all a bunch of places. So I said, wow, so you must know all about what's going on there. And so I just asked him questions. And we just kept talking and kept in touch and then realizing that there may be some ways to solve this problem in a cool headed way as opposed to all the panic that was being. If you look at the literature at the time, there were people were openly panicking. And it was kind of a strange time. And so we said we wrote some things down on paper. Just started emailing a bunch of people and saying, hey, could you try this and do that? And ultimately about a month later, that paper that got written into a sort of article format and we submitted it and it got published in the Lancet. And then the president of Guinea saw that and invited my co-author to come advise him on how to control Ebola in his country. And he was supposed to be there for two weeks. He ended up there for six months, unexpectedly. Exactly. And I was there on the phone with him almost every day. Just we're working through the details of how you create a national Ebola response. So that's how I got plunged into this pandemics field just by completely putting into random events. So now we're in COVID. The experience with Ebola. So how is that medical data being taken in? How is it being allocated? Where is it going? Okay, so that's great. So the data is still not where it needs to be. And I think there's a lot, as we know, there's these big problems with the CDC and the federal government trying to gather data from all over the country. And our testing is far behind what it needs to be. 
But we're probably seeing a very small percentage of the cases that are actually people are having. This is a disease that has asymptomatic infection as well as pre-symptomatic spread. So we're basically only seeing a fraction of the picture. And this is a reflected way we know this is that if you ... So in other words, I think the data that we have is only a small fraction of what really is out there. And I think that's the point I'm trying to make is that whatever data we have is a tiny reflection of the ocean. So how is the data that we have going to influence COVID care? And then beyond that, once we get past COVID, how is this data going to influence change within healthcare as a whole? This data is already influencing, I think, in a very big way. I think, for example, like, take the state of California, there's a metric called the positivity rate, which is the percentage of tests that get returned that are tested positive. So if you do 100 tests, how many come back positive? On average, it's 7% in the state of California. But in parts of the state, it's actually 12% or 20%. The 17%, 20%, that's in central California right now. Whereas in the San Francisco Bay Area, it's closer to 2% to 4%. So the average is not really reflecting the whole state. It's really highly variable. So the people are using that data, that percentage to allocate resources. So the governor allocated $52 million of extra effort to do contact tracing and a whole bunch of things for central California based on that data, based on that positivity rate. So that's one way in which the data is really important. It gives us insight into where the problems are. So actually, I want to do current state versus future state. So current state with COVID, how is that data influencing changes in health care? And for future state of health care, what are we learning that we need to start changing in how hospitals operate, how patient care is done? Learning a lot. 
I think there's probably a number of different topics we could talk about in that area. So I could just pick one maybe. And I think one is, and the other thing about this is that it's so fast. I mean, this is happening like at light speed, faster than anybody can even keep up with. So that's the other part about this. The data, there's obviously a lot of clinical data in terms of treatment of patients that people are learning about treatments in real time, which works, which doesn't. And there's a really the, I think one of the examples that people point to is there's by the UK National Health Service, where they conducted a whole bunch of, they constructed a clinical trial for a large number of drugs and they came up with dexamethasone as one that has effectiveness for treating COVID patients. And so that's an example how they by properly constructing the trial, they can draw accurate conclusions and come up with solutions. So, from, from all the information, I think you've been involved in the data curatorship of COVID since, since it started, is that correct? The data what? The data curatorship and gathering since the beginning of this, since the beginning of COVID. Um, yeah, that's so much the data and more the epidemic modeling, or modeling of the, how you can, how you can control the epidemic. Oh, perfect. Perfect segue, because that was the next question. So what is the data showing you on how to control this? What should society understand about how the data should influence how we're going to control this? Okay, great question. I think one of the things that we can do. So what the testing is something that we have tried to do and we are doing and continuing to improve at some rate. And it's, it's, it's now in full swing and people are trying to increase testing all over the country and make it better, cheaper, faster, which is all good. It's certainly not been enough. And so that doesn't mean that, you know, we want to stop testing we want to keep going. 
But, and that will help us find cases and reduce the burden, but they sec, we need something else to control the spread and combination and I think we talked about this on the, on our podcast about how combining it with masks, or social protections of some kind will, and that could include social distancing or anything could would be able to bring the transmission rate below one, that R0 below one, in order to stop the spread of the epidemic. And, and since we talked about time, one thing that's come to my become clear is that people are finding that the virus transmits not only through droplets, which are greater than five microns in size but also in aerosols which was trend which are smaller, less than five microns even less than one micron. And these, the properties of these droplets are that they pass right through the cloth or cotton that people have masks that people are wearing so although the cotton masks will stop filter certain percentage of the virus that's exhaled by the breath, or incoming, you know, in the environment. These these aerosols linger for many hours and they, they can they can pass right through this cloth and so we're only getting partial protection. And so one of the things we can do we discovered I think this is all happened last maybe last 30, 40 days is, is that using. It's kind of like these cloth masks are like socks. And we need shoes, we need something that's going to be much better. If we want to keep walking in the streets. And so that the one example of that is the, you know, of course in healthcare settings people use N95 masks. These N95 masks are designed to stop the aerosols to give, you know, the shoes of the industry, except that they've been reserved for healthcare workers because they need them. But the problem is that the more the community virus spreads in the community, the more cases they're going to be showing up at the hospital. 
So you're actually not really solving any problem by, you know, if the people more and more people getting infected more and more people showing at the hospital and even more people dying. So there are actually industrial masks that are not used by the hospital system. This is an example. This is one example. It's a NIOSH-approved N95 mask. And it's, it could be used by essential workers or healthcare workers and this are not healthcare workers to protect themselves. And because these people who are exposed on a daily basis to the public and to other workers that are keeping the economy running, they, they are actually, we're finding that those are the people ending up in the hospital. And so, you know, people staying at home who can isolate, they're much less likely to get the spread the virus than the people who are obviously exposed for, you know, and that seems that obviously makes logical sense. So those, these types of masks, another mask is this mask here. It's, it's from Canada. It's a, it's a, it has an N95 filter in it. You know, and it has, let me get the other one that I have here. This is a little bit more very industrial looking, but it's a, it's an elastomeric mask. You put it all like this and these are N95 filters. But the point, the thing is, these are, these are just like a seatbelt. They're dummy proof. They're very easy to use. They don't require this big, you know, careful fitting and healthcare training and all that. They're stretchy and the word elastomeric means stretchy. So that's what we can do is by wearing these kinds of off-the-shelf, pre-approved masks, we can, and putting them in the hands of essential workers, I think we can make a big difference. So last question. Uh huh. Yeah. What's your call to arms from the security research community from healthcare from the American population? A call to arms. 
I think right now, this, I think I already sort of discussed a little bit more is I think essential workers need these masks, these N95-capable masks without that. We until this, you know, I think that's really the number one thing we need to get done right now is put them protect the essential workers so that they don't, you know, spread the disease and get sick and bring it home to their families and and I think that that would be a number one. Thank you. Thank you. Patient know how. So go check that out for more information on everything that he's just talked about. Thank you so much. Thank you. So, for everyone that doesn't know. This is Josh. This is our recording producer for this year's virtual conference. And he literally just got told that he is the next interview for this keynote. So let's all welcome John. And just to be clear, he does not work in the cybers, but the reason I wanted you here is literally that reason. You've recorded. I think there's one more talk left. You've recorded 95% of the talks that we've had so far. How's your brain? It is really full because I did not have any understanding of this field before and I just watched like 20 I think 28 lectures or seminars or whatever we call them. And I'm just the type of personality that if I'm watching something I'm really paying attention to it and trying to figure it out so it's kind of bursting at the moment. So from all the talks you've heard, wherein lie your concerns for healthcare? Oh, well, the massive lack of any type of cybersecurity at many HDOs is pretty bad. Personally, I'm going to be working at a small mental health clinic in a few weeks and I'm sure that I'll be asking them a lot of questions about what their cybersecurity is especially since we're delivering all of our services over telehealth. I don't have any other concerns for that. 
But I also really enjoyed usage to talk about representation in medical studies and I think that's super important in research coming from again studying social work. So coming from that background that's also really important now, especially now when we see such, you know, dramatic demographic distribution of COVID cases. What are your takeaways? What, what should, what should we be working on as a security community? What's your greatest concern that that you think we should get to straight away? Well, I thought street takeaway on getting masks to getting masks to essential workers seems like the most urgent takeaway from any of the, any of the talks now just because that specifically saves lives but I don't think that's really cybersecurity so I don't know if that really answers. It's part of the maker space part of it. So then if, if we're going to go back into the security side, being that you've heard 28 intense talks, and I'm not sorry for that. And you're going to go into social work and you have an understanding, you may, you very likely have a better understanding of how healthcare works now and security around it, more so than a lot of other patients out there. This is a patient as someone going into the hospital. What, what's your, what's your takeaway? What's, what's your greatest need now as a patient walking in. Well, I'd never like to go to the hospital and I, and I sure don't now but if I did, I think I would just make sure that either myself or a companion who's with me. Double checked that whoever was treating me or administering medication or other treatments has my correct record. And that the information is correct that my blood type is correct things like that I would just double check things, which I already I always cross exam a doctor when I talk to them anyway. I think that being an informed patient is really important. So I think that's I think that the potential for accidental mishaps is probably the thing that would get me the most. 
How do you think our community can engage more? You know what, not even our community. How can your community engage more? What's my community? What is your community? My community right now is my son, my wife and my dog and me. So how can your community engage more in the healthcare security side of the house? Wow. I'm not sure I answered that. I mean, I'll be talking to people at the clinic and so forth and people that I, you know, study with in social work school and professors for all my classes moving forward now for the next couple years, because I have attended this conference as the video producer. So I think it'll probably be in the form of conversations with people, you know, in the social work field from my perspective. What questions do you have for the security folks, the biohackers? I think I did have a question. I mean, changing social policy, one thing I do know from studies and from just a career in journalism is that changing social policy in the United States, even when we're at a World War II-level event like we're having right now with the coronavirus is still tremendously slow. I think that and this kind of goes back to the other question about outreach. I think that maybe people in the community need to be doing more outreach through people that they know, whether it's on, you know, probably on social media, just to sort of raise questions and try to stimulate some dialogue about what should be what regular people should be prioritizing in this situation and you know I mean it's going to come down to who people vote for in November but it's also it also comes down to like how are you going to spend your time online on social media. You know whether it's you're going to be sharing memes or maybe having a substantial conversation with somebody in the community who might actually have some suggestions for how to improve the situation. 
I know a few people just by virtue of living where I do is very IT heavy, you know, neighborhood, and we have people who've been building respirators in their ventilators in their rooms or designing software for it or, you know, building masks and things like that. So I think that kind of community outreach is really important I think that, you know, that is maybe the type of thing we should be using social media more for these days and spreading that information. So I wanted to make sure people knew who you were because thank you so much for being part of the village this year, there's so many people that are involved that don't get the accolades that they need. So thank you everyone that I interviewed thank you for trusting me enough to come in cold. I want to thank the organizers for this year, it was, it was a work of love, and thank you to Bo, Sydney, Andrea, Bill, the volunteers, the sponsors, the device folks that are working with us. We appreciate you attendees so much. Watch this space. Enjoy the show.