 But we also want to recognize some other folks who really helped us to pull this off and their partners in a number of different ways. We have Spotlight Labs. Spotlight Labs and Norwich University's Psychology Department is working on a Defense Advanced Research Projects Agency project on RF Impact on Pilots. And we're so glad that Spotlight Labs could be here today. Brad Everman, thank you so much. We also have recognition. I want to recognize the National Cybersecurity Preparedness Consortium, which is a group that's been working together since about 2004, was authorized recently in federal legislation. Thank you, Senator Leahy, and also Senator Cornyn, who are the co-sponsors of the legislation, which includes the Criminal Justice Institute of the University of Arkansas, University of Texas at San Antonio, University of Memphis, Texas A&M University's Extension Engineering Services. So we deliver training and education at Norwich University, training education to first responders. So we're so glad that they're recognized. We have for years worked with Dave Bradbury at the Vermont Technology Council and Frank Coffey, as well as the Vermont Center for Emerging Technologies, working together to grow technology in the state of Vermont. So that's a really exciting activity. And if you're looking forward for something to do in October, we're going to have Robots Rising, Arming Artificial Intelligence, which will be a Colby Military Writers Symposium, October 12th and 13th in the Mack Hall auditorium. So if you need to put something on your dance card, we'd love to see you for that event. It's going to be really exciting. So thank you. At this time, I'd like to introduce our second keynote speaker of the day, Eric Goldstein, the Executive Assistant Director for Cybersecurity, Department of Homeland Security's Cybersecurity Infrastructure and Security Agency. In this role, Mr. Goldstein leads CIS' mission to protect and strengthen federal civilian agencies and the nation's critical infrastructure against cyber threats. Previously, Mr. Goldstein was ahead of Cybersecurity Policy Strategy and Regulation at Goldman Sachs, where he led a global team to improve and mature the firm's Cybersecurity Risk Management Program. He also served at CIS' precursor agency, the National Preparedness, Pardon me, Protection and Programs Directed from 2013 to 2017. I'll get it right, sir. In various roles, including Policy Advisor for Federal Network Resilience, Branch Chief for Cybersecurity Partnerships and Engagement, Senior Advisor to Assistant Secretary for Cybersecurity and Senior Counselor to the Undersecretary. Mr. Goldstein was not able to join us in person today, but we have him on the big screen. And thank you very much, Eric, for joining us. The microphone is yours. Thanks so much for that really kind intro. And there's a lot of acronyms in there. And so I appreciate the noble effort to cover the federal acronym SUP. It is such a pleasure to join you all today. I really am sorry that I'm not there in person. I will look forward. Sir, you're muted. Oh, try again. Okay, let's try it now. It's down low. I'm pointing to the folks up in the... Let's try it one more time. Oh, there you go. Thank you. Go ahead, sir. All right. Take two. This is this is what I get for not coming in person. Well, well taken. So again, thank you for that really kind introduction. And I'm sorry that I'm not there in person, but look forward to joining next year. And I'm so glad that I can join today. Before I begin, I really want to thank all the wonderful folks at Norwich University for pulling off today's symposium. It is absolutely essential that we have forums like this to bring together government, the private sector, academia, the nonprofit community to really work on shared problems of the cyber risk facing our nation. And I'm also delighted that today's symposium is being held in honor of Senator Ali, recognizing the extraordinary indeed lifelong impact that the senators had on Norwich University, the hit of Vermont, and from my point of view here at CISA, the nation's cyber defense agency on our nation's cyber security. Senator Ali, he's often called appropriately the nation's cyber senator because of his commitment in moving our nation's cyber security forward. And the senator has been a fundamental and foundational advocate for advancing cyber security in the state of Vermont, across the country, across the world, and indeed here at home within CISA. Now, for those of you who aren't familiar with CISA, we are one of the newest agencies in the federal government. And our job is simple. We are the civilian agency charge with safeguarding our federal civilian networks, our critical infrastructure, and our state local tribal and territorial governments from cyber threats. And really what we're focused on every day at CISA is to make sure that the critical services and data upon which Americans defend our water, our baking system, our power, the ones and zeros that we rely on for every aspect of our life, that these functions, these services remain available under all conditions. And at CISA, we're trying to do this a little bit differently because we know that technology is changing fast. We know that our adversaries are evolving every single day to target our critical networks. And we know that business as usual isn't going to work to manage the threats and the risks we're facing. And so what we're trying to do here at CISA is be a little bit different, a little bit outside of the box, and move towards a model that's predicated on trust and on partnership. And the reason there is simple, the federal government owns and operates a tiny proportion of the critical networks underpinning this country. And so the only way that we can do our jobs is if we partner with the private sector, with academia, with our partners at state and local governments, to really have a shared vision for how to secure this country and do it together. We know that the public-private partnership model has been around for a while. We've been saying that phrase for years to the point that maybe it's even lost a little bit of meaning or certainly it's become a little bit of a buzzword and goodness knows we have enough buzzwords in cybersecurity. And as the very kind intro noted, you know, when I was in the private sector, I almost gave up on the concept recognizing that we've been doing it for so long, maybe it just isn't adding value. And at CISA, we're really trying to change the model, turn it on its head by saying instead of figuring out what the private sector can do for us in government, let's invert that model. Let's figure out how we can be the best part of that we can be really as a supporting function to help organizations across the country most effectively secure their own networks and really critically importantly move to something that is active, that's impactful, and that can measurably reduce risk. That's why we've taken to use the term operational collaboration. What does that mean in practice? It really means that instead of focusing on one off episodic ad hoc sharing of information from one entity to the other without any real expectation of getting something in return, we are moving to a continuous model where our goal is to have operational practitioners from organizations across the country who are continuously every day working together around shared challenges around shared risks. And our goal is to swing that door open for virtual and physical collaboration so we can say we all have the same shared goal. Our goal is that American cyberspace is secure and resilient against our adversaries. And if we can target that goal together and do it again in this actionable, deeply collaborative way, we think we can make some real progress. Now, a lot of this work's been accomplished through a team we call here at CISA, the Joint Cyber Defense Collaborative. And that's an initiative that we launched last year just hit its one-year anniversary. The goal being really simple. Let's get organizations, federal government, state, local travel, territorial, private sector all working together to operate jointly against some of the most significant risks that we're facing. And the JCDC really isn't anything extraordinarily revolutionary. It's really just an evolution of how do we bring partners together to focus on operational collaboration as a means to an end of risk reduction rather than as an end to itself. Now, we, for better or for worse, had opportunity to really test this model over the past year. And one of the areas where we really had to step in as a cyber community was subsequent to Russia's criminal and unprovoked invasion of Ukraine in February, where CISA launched our Shields Up campaign to help all organizations defend against a rapidly evolving cyber threat environment. And so even before Shields Up, we've been working on hardening our nation's critical infrastructure, but the war on Ukraine raised the specter of the first ever truly hybrid war, one in which we had a very real concern about cyber attacks being used to target not only the heroes working to defend Ukraine, but also our allies in Europe or even networks here at home. We've seen throughout the war on Ukraine, Ukrainian networks being targeted by cyber attacks. We have seen some spillover affecting allied networks elsewhere in Europe. And so the Shields Up campaign was our approach to bring together information from across the cyber community from all of our partners in the US government, from our partners in Europe, including in Ukraine, and from our partners in the private sector to say, let's push out really quickly the best possible information that we can to safeguard American networks. This campaign included more than 100 briefings to thousands of participants across the private sector, as well as a single centralized website that was really our source to put out information from all these partners as the threat environment evolved. And our message throughout Shields Up was really simple, that every organization, regardless of sector, regardless of size, is at potential risk, and we all need to take action in our own defense. And during this campaign, we have seen extraordinary collaboration between countries, including those in Europe, not just Ukraine, but Lithuania, Latvia, the Czech Republic across the EU. Countries coming together like never before and building those collaborative ties and then sharing information, recognizing that a threat targeting networks in the Ukraine could potentially be used to target allied networks in Europe or even here in the US. And so our goals to move extraordinarily quickly, to connect those dots, share information across borders so that we can safeguard our networks here at home before damaging incidents occur. We've also worked to issue joint cybersecurity alerts, not just with our partners in the US, but across Europe and indeed across the world to reflect that jointness to show that we're all in this together and putting forward a unified front against a common adversary and a common threat. And even as the world of Ukraine has entered a new phase, we continue to work with our partners across the world to ensure that as cyber threats manifest, we continue to share information really quickly and draw down the risk as it evolves. And I'll just reiterate, even though we have not seen damaging cyber intrusions proximate to the Russian invasion of Ukraine, the risk is not yet over. And we still urge all organizations to take the utmost vigilance, particularly in using this period of heightened risk as an opportunity to make some of the critical control investments or security improvements that maybe have been delayed for years due to cost, due to time, due to other resources. Now is a great time to deploy multi-factor authentication, particularly for your administrative or privileged users. Now is a great time to put in place some of that network segmentation that you've been waiting to do for years. Some of those strategic changes that are not specific to any given threat, but certainly make a tremendous amount of sense when the threat environment remains heightened as it is now. Now I'm going to speak for a bit about what CISA is trying to do to be a service provider, a source of support to organizations public and private across the country. And we are acutely aware that for many organizations, small and medium businesses, local critical infrastructure, our state local tribal and territorial partners, building a fully resourced cybersecurity program may in many cases be cost prohibitive. And so our goal is to really understand the requirements and risks of our partners across the country and provide tools and services that can help organizations make up gaps in their program. This is why we have regional colleagues, including many of whom are attending this symposium, who are in the room there today. I'll call out Matthew McCann, our extraordinary regional director covering Vermont. We have team members on the ground in every state in the country focused on providing cybersecurity support and assistance to organizations throughout our nation. And that support ranges from proactive vulnerability scanning, red team assessments, counseling during incident response, really work to help organizations understand where their gaps are and how they can improve. Now, we also have something that's really exciting that we stood up during our Shields Up campaign, a free resource catalog. And this is a compendium of resources not just from CISA, but also from our government partners, and really interestingly from commercial partners across the country. We solicited input from partners from some of the biggest cybersecurity and tech companies in the country and said, hey, do you have a free cybersecurity service or a low-cost cybersecurity service that you're willing to subsidize that we can offer out there to our partners in local critical infrastructure, the SLTT community, to help make up some of those capacity gaps where partners just can't afford leading solutions based upon their limited resources. And so we encourage everyone in the audience to give a look. To this catalog, it is not enough to build a fully-fledged cybersecurity program, but gosh, it is a great resource to make up some specific gaps in a program without any added expenditures. And, you know, our goal in offering these services really is twofold. First, it's to make sure that we are helping entities throughout the country understand their risk and take steps to reduce it, and also helping us understand here at CISA, what are the sources of risk, what are the vulnerabilities that are affecting a prevalence of organizations that we care about throughout the country so that we can target our guidance, our resources more effectively. Now, I'd be remiss if I spoke at Norwich University and didn't speak about the extraordinary work being done by our academic community to make up the remarkable workforce gap that we're facing in cybersecurity in this country. We know that a cybersecurity workforce that is highly qualified and reflects the diversity of our country is absolutely foundational to meet changes in the risk and technology environment that we are facing every day. And we need to treat this challenge on all its fronts by building a pipeline K212 so that children in school today are learning about cybersecurity, but also the underlying STEM skills that enable more of the technical cybersecurity skills to learn later in education, making sure that individuals entering college and entering the workforce have access to cybersecurity training, whether through a foyer institution, a twerer institution, or more technical training, we need to broaden the pipeline at every single phase. And entities like Norwich University are absolutely foundational in this effort. I'm very proud to note that Norwich University holds the real honor of being a Center for Academic Excellence, and in particularly that Norwich University's Applied Research Institute was awarded a contract by DHS's own Science and Technology Directorate just last year to expand something that's a long acronym, but to expand the distributed environment for critical infrastructure decision-making exercises, a cyber training platform, which is designed to help participants understand the systemic ramification and cascading failures of a cyber intrusion targeting critical infrastructure. This is the kind of work that we have to catalyze and advance across the country, where we are partnering between the federal government and academia to not only increase the pipeline for students entering the cybersecurity community, but also we're investing in some of the really creative, bespoke solutions like the decide program that are going to help us advance the state of the art in cyber security across this country. I'm also delighted that Norwich is a participant in the Cyber Course Scholarship for Service program. For those of you who don't know what the SFS program is, it is one of the neatest programs in our country where promising students are provided with scholarships in exchange for government service. And so every summer at CISA, we have a new class of scholarship for service interns who join our workforce, and these are some of the best and brightest folks in our organization. And then after they finish their education, they come back to the government for a tour of duty. Expanding and catalyzing these kind of programs are absolutely essential to making sure that we have the workforce to meet changes in the technology and risk environment ahead. And that's not all we're doing, and I'm not going to offer a comprehensive overview of our work today, but I'll note a few things. One of which is our Federal Virtual Training Environment, Fed VTE, which is available at no cost for government personnel and veterans. And Fed VTE has more than 60 courses free of charge covering all kinds of cybersecurity topics. And so for those of you who might be interested in just some free training, free education, Fed VTE is a great resource, as well as our National Initiative for Cybersecurity Careers and Studies or NICS website, which is a single hub to learn about all sorts of resources for cybersecurity, education, careers and training. And so as we look ahead toward this long term cybersecurity workforce challenge, this is one that we all have to be in together. And the partnership between academia, the federal government and our partners across the infrastructure who actually have the cybersecurity workforce gap is going to be foundationally essential. And as part of this, we need to make sure that we are targeting not just traditional institutions, but we are laser focused at bringing in underrepresented, underserved communities, because that's where a tremendous amount of talent in this country lies. And our lack of diversity poses a real national security challenge if we can't address it at scale. And so my thanks to the whole team at Norwich University for leaning into the Cybersecurity Workforce Challenge and at CISA, we are honored to partner with you as we work through this challenge together. Now I could go on for the next hour talking about all the amazing things that we are doing in cybersecurity, both at CISA and as a broader national community, but I really want to leave time for your questions. So I want to close out with one really exciting program that we are kicking off this year. Now with tremendous thanks to Senator Leahy and his colleagues in Congress. Last year, Congress passed a new law establishing a state and local cybersecurity grant program. And as part of this program, CISA is partnering with FEMA for a new grant program that's going to provide absolutely invaluable infusions of resources to help our state, tribal and territorial partners build their cyber capacity, build their cyber security investment and really target resources towards the areas that based upon both their needs and CISA's unique expertise are going to have the highest impact in drawing down cybersecurity risk. Now later this year, we're going to publish a notice of funding opportunity or a government speak a NOFO outline of the application process. And I'm so eager for partners in the SLTT community across the country to really capitalize on this program and using it to draw down risks in all of our communities. Now that is a good way to wrap up here because it does reflect the real thrust of today's remarks, which is that the only way we will make progress in our shared challenge with the degree of adversaries targeting our networks, the degree of vulnerabilities that we know remains the case across our country is by doing it together is by having a shared goal, a shared mission and reflecting on the fact that if we try to do it alone, each of us will fail. If we work together, we'll make real progress towards long-term success. So thank you so much for having me. It is such an honor to be here today. It is such an honor to represent the agency at an event honor in the center of lay here. And I really look forward to your questions. Thanks so much. If you have a question for Mr. Goldstein, could you come to a microphone so that he can hear you or you can send your your questions to Cyber Symposium at Norwich at EDU. Mike God? Yes. Mike, good. Okay. This is from Diane Burra, Cyber Security Specialist with Sheeran Associates out of Huntsville, Alabama. We've heard for years, and even speakers today talk about the need for more workers in the cyber realm in all of the open positions. This might be true, but from a recent grad perspective, it's incredibly difficult to get into the field unless you've done the hands on internship, which all students are not able to do. Because even the entry-level positions are requiring years of related experience. How do new grads and entry-level folks break into the field when expectations are unreasonably high to get an entry-level job? Thanks so much for that question. It's a really thoughtful one and I'll answer it in two ways. The first is we as the cyber security community and cyber security employers need to do a better job of giving candidates entering the field the hands-on experience in their roles to be successful. We cannot expect an applicant coming out of college, a two-year school, a graduate program to have all of the hands-on experience to immediately jump into an operational role and be successful. We need models where we provide hands-on training, courses, ride-along, bootcamps that enable candidates to be successful, even if they don't have all of the work experience that would be expected to be fully effective in a given role. This is an area where I think the cyber security community has work to do. Certainly at CISA, and I know many of our other fellow government agencies do have roles at lower grades where we actually don't expect that level of operational experience. We actually would encourage the individual submitting that great question to visit CISA.gov. Take a look at some of the roles that we have available. I think you will find some that don't require a deep work experience, but I fully agree that many employers, including the government, need to do better in this space. Hi, this is Chris Michener with the University of North Georgia. I guess my question is several other federal entities have identified within the six senior military colleges what you just described. And then subsequently they are now putting people into the universities for some type of mentorship role either at a group level or above. What is CISA's role in trying to get into that academic environment and kind of help shape the students that subsequently you want to see as employees in the future? That's a great question. We are working closely with our partners in various branches of the military as well as in the military university and educational system to make sure that we have an aligned approach across government. It is true that there may be subtle differences in a penetration tester or a red teamer at CISA versus the Army versus our colleagues at the NSA, but a lot of the core skills are the same. And so the more that we can align around common curricula, common expectations across the federal family, that is going to make it much easier for individuals to make progress in their careers, to move around different agencies and to move importantly from the private sector to the government and then back. So that is an area where more alignment is needed, but we are closely with our colleagues across agencies to make that a reality. So thank you, Mr. Goldstein, for your comments today and taking our questions. And we look forward to keep you to your word next year. We'll do it in person, sir. Really, really look forward to it. Thank you all. Have a good day and be safe. Great. Thank you, sir.