 I would say the biggest thing is get involved, find something you like. InfoSec's a big space, find something you like in it and learn more about it. Just dive into it. A year and a half ago, I didn't really know a lot about USB and it just started digging into it and learned more and more and really liked it. So, you know, go to some cons, get out there, network a little bit, meet people, but really find something you like and just dig into it. Well, the best thing, since it is such a vast field, they can easily get lost and lose their interest, be discouraged. So, the best advice I can give is that they start with something they like, they love. For example, if they like networking, that they start looking at networking and that they try to solve problems that haven't been solved before and persist to that because persistence is very important to find solutions or workouts. Don't give up after a couple of days if it doesn't work. Just persist, get help from other people. You know, there have been security researchers who have worked for years on problems just to find a final exploit or final work. So, choose what you love and persist to it. That's my advice. Read voraciously. Like, everything you can possibly find. There are lots of good communities out there. Reddit or NetSec is a particularly good one. There are lots of online classes. Dan Guido posts all of his videos from his class at NYU Poly and those are taught by the best people in the industry. So, it's almost like having a personal tutor walk you through things. There's lots of opportunities to out there if you have the drive to pursue them. Just start reading. I think the number one piece of career advice that I can give, now I have found a little bit of success in machine and machine. Machine and machine is a broad spectrum industry. As I previously mentioned, there are millions of applications out there in every single engineering application thinkable today. So, if somebody is specifically interested in medicine or telecommunications or ATM machines or what have you, there's a M2M device there that needs to be secured that probably hasn't been reviewed from a security point of view. And that gives everybody an opportunity to jump into this billion-dollar industry where they have a chance to really change a device and enhance a device from a security perspective that could affect millions of customers all over the world. And that's a really significant thing that we can get involved with that really makes it a better idea or a better way for us as researchers to get involved in the user community, right? If I was talking to somebody coming into the information security industry, if you like, I would say that don't discount the importance of communications. Have a look at psychology as something as a sidebar subject that you might read into because understanding why people do what they do and how to affect that behaviour through persuasion is a huge part of information security. I mean, it's what the social engineers are doing to get past our defences. So, we should be tooling up, if you like, in the same department. So, psychology and behavioural analysis is really important and good communications. So, security is a really interesting area and the reason why stuck with it and why most people in the field stick with it is because it is so intellectually challenging. I think people who want to get into the industry should focus on a broad base, first of all. There's many niches you can go into, but I think if you cover something like the CISSP course, which gives you a broad background, that's definitely something that you can build on. And there's so much intellectually that's stimulating in our field that you can just pick anyone. So, you've got mobile that's very hot right now, botnets that's very hot. But at the end of the day, people want to be able to use their computers simply and safely. And it's people such as the speakers of Black Hat and the attendees which are making that possible. I think it's funny that you say, what device would you give somebody breaking into security? As a matter of fact, that tends to be the way that people do, they break into security, right? You fall into a role like this. But the reality is if you're going to try to get into this kind of role, get into more of a defensive behavioral analysis, you just have to be able to understand people. I think that's something that is sort of a lost art. We understand technology because it's easy, right? It tends to be binary. Either it does this or this. We can program it to do certain things. When it fails, we can understand why it failed. Modeling human behavior and trying to figure out, we've always said that humans are going to be our weakest link in information security. That is going to be sort of the Holy Grail, the magical thing that we're all trying to obtain. How do we get to that understanding the human part and model what their behavior is going to be? And then try to figure out how to train them. It's like Pavlov's dog. How do you make sure that every time somebody gets an email that looks sketchy, their first reaction isn't to double click on that attachment. Their first reaction is to go delete, right? That's what we need to figure out how to train people to do. And if you're trying to break into this field, I think it's a good thing to do to have a social background, sociology, psychology. Security isn't just about knowing packets and TCP stacks and buffers and all that kind of digital stuff. Knowing the human side of it I think is a big asset these days. Being able to model not just a threat, but the defenses against it because that's overwhelming too, right? All that data that's being gathered.