 Good morning. Thank you. Welcome. We're happy to see you all this morning. My name is Laura Bate. I work on workforce development issues here at New America's Cyber Security Initiative, and it is my pleasure to thank you all for being here this morning. I know for any Friday morning, but particularly a Friday morning in the middle of the summer, we're really thrilled to see this level of turnout. I think that it speaks for itself the level of interest in this topic. I also want to say a particular thank you to Palo Alto Networks who came to us with the original idea for this event and also provided the breakfast, which is critical to success for a Friday morning breakfast. Here at New America, we've spent a lot of time thinking about workforce development and how to increase the pipeline of workers coming into the industry. Of course, a very critical part of that is expanding the number of people and the types of people we think of as people who fit in the industry. We have our humans of cybersecurity project that you'll find online that incorporates stories from different individuals who work in the industry who have passed through telling their stories and just putting into evidence the fact that there are a range of backgrounds and a range of experiences that we see. To that, we're thrilled to give you this current panel, and I'm happy to introduce Ian Wallace, the director, the co-director of the Cyber Security Initiative, to moderate. Thank you, Ian. Thank you very much. Before I start, let me commend to you Laura's work on both on diversity and general cybersecurity workforce issues with Elizabeth Weingart and others at New America. She's done some great work, and I encourage you to go online and follow that up. As Laura said, the purpose of this event is to potentially, challenging times, make a sort of positive case for diversity and innovation in cybersecurity. At New America, one of the things that we feel is very important is storytelling and making public policy through listening to people's own stories and their experiences and lessons we can learn from those. We also, however, want to point out that particularly cybersecurity is an emerging field for which there are many parts, both in and within. I think that some of the stories that we're going to hear today will get a sense of that. We also are a public policy thinking, and there are some meaty policy issues that sit behind some of these issues. As we go on, given that we have this fantastic group of women, we're going to dig into some of those issues as well. To introduce the panel briefly, and I am going to be brief because I'm going to ask them to tell us a little bit more about their own careers, we are joined by Deborah Punkit. Deborah runs her own firm, Punkit Associates, but in her past life was a Director of Information Assurance at the National Security Agency and was a Senior Advisor to the Director on some of the diversity-type issues that we're going to be talking about previously, also served on the National Security Council. Next to Deborah, we have Randy Kiefer. She's currently the Vice President for Cybersecurity Audit at Capital One, but fairly recently left the Department for Homeland Security, where, amongst other things, she was Deputy Director of the National Cybersecurity Communications Integration Center and Chief Information Security Officer for the Transportation Security Agency. We don't do acronyms, but it does extend the introduction. Next to her is Miho Matsubara, who is the Chief Security Officer for Japan at Palo Alpha Networks, and she's had a career that's taken into the Japanese Ministry of Defense and Hitachi in Japan. On the end, we have Samara Moore, who's a Senior Manager for Critical Infrastructure Protection at Exalong, but previous to that served on the National Security Council, where she was the Director for Cybersecurity Critical Infrastructure Protection and had a past career at the Department of Energy. So, as you can tell, we have people who have experience in the private sector, in the public sector, and in a range of different security roles. So I'm going to begin by asking a series of questions to the panelists, then I'm going to move into a moderated discussion, and then, with that half an hour to go, I'm going to open it up for the floor, so please have your questions ready. So to kick us off, Deborah, how do you get into cybersecurity, and when you hear all of the sort of advice in this space, what's the one thing that you think people really should hear that we shouldn't hear about? Great, so thank you again for the invitation to be here, it's really my pleasure. So, you know, I got into cybersecurity, really because of a foundation at the National Security Agency, where I started my career in the mid-1980s, working versus an intelligence analyst when, you know, cyber was just a dream, no one was much talking about it. Moving into the 90s, which is when things like YPK hit the airwaves and raised lots of concerns nationwide, worldwide, about security and the functionality of information systems. It was from there that I did that YPK representational activity at the federal level, and then came back to NSA and ended up ultimately going to the White House and doing cybersecurity policies, and I'd say that was probably that period of time between 1998 and 2001 was really the time when things like the I Love You virus was beginning to wear its head, some of the early viruses that we began to worry about at a national level, and I happened to be working at the National Security Council, working in transnational threats, which was at that time where cyber security was happening, was being born, and so programs like Cybercore, I got to stand up and run from the White House, and then ultimately bring that experience back up to NSA, which really has a robust and probably at one of the earliest robust cyber missions, both from a security perspective, but also from an exploitation perspective, and so the rest of history, I moved through that system, working on both the exploitation side, and then ultimately really wrapping up my career on the security side, serving as the information assurance director. The one piece of advice, I think, when people think about cyber security, I think, and I hear from lots and lots of folks, particularly post retirement, they're asking what kind of certification do I need, what kind of technical competence do I need, how do I gain those experiences, and that's all really, really critically important, but I'd say in cyber security we need lots of technical people, we also need lots of folks who can think from a policy perspective, and that's the message I think that leave is we need folks who can write policy, who can envision what the future looks like, who can think about international norms, and what we might need to do to contribute to the development of those zones in cyber space, and folks who can lead, who can lead people, who can lead organizations, who can lead through difficult and sometimes exciting and challenging times, and so that would be the biggest message I'd say, is that cyber really is a lot of technical work to be done, there's a lot of work to be done on the policy, and even on the legal side. How did you get to where you are now, and what your people are doing? I'll pick up sort of in the middle of where Debbie was speaking, right, so my story is more one of timing, place right time with a background that match. So I majored in criminal justice and computer science, was my minor from the George Washington University, and that was my father's influence who was an IT executive recruiter who said, do something in computer science because that's the future and that's where it's going to go. I wasn't really the best programmer, so I made it my minor, and it really served me well. It gave me that technical foundation to be able to go after a brand new field where cyber didn't even exist back when I graduated. It was IT and information assurance and IT security. Cyber wasn't yet in the lexicon, and while I was pursuing my master's degree in computer fraud investigations, I approached a professor. It was a master's degree designed for the working professional, so it was at night and on weekends, and I approached the professor about working part-time, and I got a job at Fannie Mae as an intern in their risk management division, which we'll probably talk more about this later. I truly believe that cyber is all about risk management, from the technical sense, from the policy sense, in every sense of it. It's all about risk management. In every sense of it, if you have that underlying risk management business foundation, it will take you far. It's understanding how to enable a mission in a very risk-appropriate way. Without the mission, there is no cyber, so that's a big lesson that I've learned along the way. From there, I really sought areas. I got in government right away. I was working as a contractor after Fannie Mae, and my client called me up one day and said, would you be interested in my position and I encouraged you to apply, and that's how I started in government. What separated me on my path was always looking for areas where the biggest challenge was. Every boss I had, what's the biggest challenge and where can I help, and that's really what set me apart. Also communication, and that would be the biggest piece of advice that I have. The technical credentials are necessary. The policy piece of it is critically important. The ability to communicate in every way imaginable, up, down, across, will separate you from those that can't. There are many people that are just not comfortable with it. I encourage if you're one of those and that resonates with you, practice. Step out of your comfort zone, take a class, learn how to speak, and learn how to communicate what it is you're trying to say, because you will then become that go-to person and you will open up doors for yourself that you may not have known were there. You know, you've built your career outside the United States, but you have similarly followed the path that's taking you from government to private sector. Can you tell us a bit more about how you got the way you are and what advice you might have for people starting out in the industry? Thank you so much for this opportunity. I'm so excited about talking about innovation and diversity in cybersecurity. So the reason why I came to American cybersecurity is because I happened to work on cybersecurity when I was in the government amidst the defense and I got out to do my master's degree in Washington D.C. on Fulbright, but back then back in 2009, cybersecurity was not as hot or as sexy as today. Yeah, I don't think we used the word cybersecurity back then. I still was so much cared about security and safety for people because it's a foundational right on national security or international security. And one of my classmates asked me, hey, Nihou, I'm looking for somebody who can write about China and cybersecurity. And I didn't know what she wants to focus on, but I'm like, hey, I think I can do this. So one of my advice is, well, as you said, you have to change yourself sometimes to get out of your comfort zone to take the chance to do something different. And then because I'm a foreigner, I'm not a US citizen, and it was the first time for me to publish something in English about cybersecurity. And it was back in 2010. And again, if I want to do cybersecurity career first, because it wasn't there yet. But it actually helped me a lot afterwards. Like, hey, so I have something in English peer-reviewed later. And one of my side classmates started to work for a cybersecurity company in Washington, DC. And he put me in touch with East Asia cybersecurity intelligence analyst. And he said, oh, hey, Nihou, I know that you are interested in East Asia security. Maybe not necessarily cybersecurity, but maybe you want to talk to him. So I had a coffee with him, and I seen touch. And even though I was not able to get a job there, but I started to send English summaries of what's going on in Japan on cybersecurity or cyber threats for a year. And that commitment helped me to recognize, to be recognized as, okay, so she can do this. So I was not able to get to work in the United States right after my degree here, but it helped me to get a job in Japan. So my piece of advice is, well, try to show your values to people around you. And find the champions who want to endorse you. And also to be a good communicator. Because cyber security is about everything. It touches on every single aspect of national security or daily lives or risk management. And you never know who wants to help you or who needs your help. So you have to be very flexible. You have to be very ambitious and trying to be a great team for everybody. Same question. How did you get to where you are? And given that, what do you think other people can learn from your experience? So again, thank you as well for inviting me to participate on this panel. I'm honored to participate with these accomplished women. I will start out with my first piece of advice and that is really to follow your passion and your interest. And I think that's really what has brought me along in my career. You know, in high school I was motivated by my coach to go into engineering. And I did so. And I found it interesting that that was, you know, mid-90s. And I realized this thing called information systems was popping up. I was interested so I jumped into that. And that really has just led me along the way. Started out doing work within IT and throughout my career I've really gone back and forth between working in the IT field and then the cybersecurity field. And as I've moved along in my years I realized they're really the same field. Doing work securely is the way we should be doing. Looking at them separately is not really the way to go. Particularly now, as we've already heard, we do security so we can enable some functions, some capabilities, some business. You don't do security as a means into itself. So finishing college, so similar to your story, there wasn't a cybersecurity program. So I actually have an undergrad in accounting and information systems. And I got an internship in the late 90s doing enterprise risk services where the industry was really just starting to look at risk management and how computers and systems could be manipulated to have a negative impact on the company. And that's where I got my feet wet. And because it was so new I had so many opportunities to try different fields because it was new for everyone. So there was no need to hold myself back because there really was no expert in the field. And so my advice really is to go for it, learn as you go via continual learner. But don't hold yourself back from something because you don't know. Because guess what, there's some other ambitious person out there who's going to go for it too. So we all might as well go in and collectively work towards the cause. So anyway, in doing consulting I worked for a client, a government client, and they asked me to come on board, getting very similar. And I did so thinking, sure, I'll try this for a little while. And what I learned in my experience was a little while turned into 10 years, I absolutely loved my government service and got so much exposure and so much opportunity because I was willing just to step out there. And then I hit a point, I had wonderful opportunities in multiple departments. I had a wonderful opportunity to serve as part of the National Security Council staff at the White House. And then after that decided to go into private sector. I found a passion for the energy industry and had a wonderful opportunity to go work for Epsilon, one of our nation's largest energy providers. And I'm really enjoying now being able to apply both my technical hands-on skills that I've had in the past, both in IT and security, as well as the policy and program management. So I'll get up front, these jobs never stop. So Samara may have to jump out at some point in the future. So don't be surprised if she steps off the stage but she will hopefully join us later when we have a conversation. But one thing I pick up as a sort of common theme across all of these is there are some great jobs out there which you have come to from different places, but by all accounts come to love. And yet if you look at the statistics for women and minorities in the sort of cybersecurity workforce at large and defining that is pretty difficult, I know. The figures are pretty terrible. Low double digits. So two questions which kind of clearly relate to each other. In terms of the people coming in, is it just easy that those people in schools and universities are simply not getting the advice, the message, the opportunities that you guys had? Or is it that employers aren't seeing the benefits from having highly qualified sort of women coming through? And how do we go about changing? I don't think it's the ladder that they're not seeing the benefits at all. That's never been my experience. And I agree, there's very few women and minorities that cannot tell you how many tables I've sat around that lack diversity in any way imaginable. And I don't know that there's always an awareness of it until it comes up in terms of diversity inclusion efforts that nearly every government agency and every corporation has. That's becoming a bigger and bigger field both in government and private sector. Now that I have a smidge of experience in private sector, I'm seeing it much more prevalently than I do in the government, which is really great to see. I do think that both government and industry can do a better job in funneling to the universities where the technical expertise is coming. And then can actually make a pit to all both genders all diverse cultures and backgrounds and go after them. And so I think there are some government agencies that do this better with others that partner especially with some of the local universities here I know George Mason has a program that gets people in government DW recruits quite heavily in some of the agencies or agencies recruit through DW. And the industry is starting to do this as well. But I think that that's absolutely critical especially in cyber to build off of what Samara was saying. Our story is sort of generated in the 90s where this was new. I'd argue that cyber is a continually new field and whatever skills you had 10 years ago do not apply today. Those technical skills evolve faster than imaginable. So that intellectual curiosity and targeting that new talent that's coming out that's up to speed on today's skills is absolutely key. So I think that's one of the things that we can do to both encourage the university the college pursuit and then funnel that right into the hiring process. The discussion about the lack of capacity from a diversity and gender perspective in cyber security is not a whole lot different from the same discussions we were having years ago about women in math and about women in computer science. What makes it so much more compelling today is that we need so much more capacity in cyber security than we have ever needed in math or in traditional computer science. So that really makes the business case and if we simply look at demographic trends it doesn't take a really smart person to see that they're going to be a lot more women available in the workplace and a lot more people of color available in the workplace. So it's almost a no brainer that we need to figure out how to leverage that capacity in this critical field where we as a nation have a significant deficit in capacity and so while it's true I agree with Randy we've got to work more closely with colleges and universities to recruit, target recruiting at universities that have capacity in the areas of women and minorities. It has to start so much earlier than that. We have to go into the KP-12 arena. The kids who are in school today are better than many of us in using their devices. This is going to be very natural for them and not intimidating and exciting even, but we have to entice them and excite them and make it such that it's not a regulatory burden from place to work but actually an exciting and challenging area of discovery and using technical expertise to make the world a better place for all of us. So I'd say we've got to get into the schools, high schools, middle schools, elementary schools much, much earlier. We've got to do targeted recruiting at colleges and universities that have the capacity. It just costs logic if we're trying to increase diversity that we would aim our recruiting efforts at a university that is not diverse. It doesn't mean you don't go there, but it means if you're trying to get a diverse population, you make sure you also go to places where they are diverse. Thank you. So let's face it, the reality is that only 11% of cyber security workforce today is women and the ratio drops significantly when you talk to the minorities. But I do see the silver lining. So for example, my company Power of the Network launched first national cyber security budget for Girl Scouts in the United States a couple months ago and we are so excited to talk to young Girl Scouts, 12 people to raise cyber security awareness and teach them about an online safety class. And because the reason why the ratio of women or minorities are so low in cyber security workforce today is because lots of women and minorities gave up learning about STEM before going to colleges. So you have to make sure that you have to reach out to potential cyber security workforce pipeline to encourage young girls K-12 or even before that. Hey, so this is actually cool. This is so fascinating and there are so many opportunities on the learning skills and you can do anything about it. And then I am sure that things will start to change, not only just women or minorities but also we have to talk to the leadership and the management because mentorship is so important because young girls and also minorities need a little bit encouragement. This is the chance, you should go for it and then we are going to see more women inclusiveness and diversity in cyber security. A different dimension to the same question and that is there is an existing workforce out there and I have repeatedly run into individuals who are maybe mid into their career who want to shift into cyber security and find it really challenging. And so I think having an open mind to not just developing the pipeline which is very important but also where there are opportunities to leverage prior experience that may not be directly in cyber security but really relate as I mentioned earlier understanding our business is important more now than ever. There is very little of a company mission that is accomplished without technology or cyber security. So if you understand the business you can be key in helping to better secure how that is run and managed. So I think there are opportunities for us to be innovative and find ways to leverage existing employees as well. Fantastic point we have done some work on what we call lateralling into cyber security jobs and where there are lots of jobs and very capable people who sort of see those jobs but don't know quite how to get into them. I guess two questions. One is what is your advice to particularly those women and minorities to encourage them to come into those jobs and secondly what do you think can be done to your point to make that easier? Do your part to get educated in the field and understand it but then to demonstrate how you can apply that because you know theory and book knowledge is important and good but really understanding and being able to apply it is all the better. When you show that you understand the business or a different side and can apply security to that, that is huge, that is powerful but to have a certification alone without the experience is challenging and so really being able to apply and so then how do you get to that? It's really connecting with people taking the initiative, taking opportunities, really finding someone who may be doing what you're interested in learning from them and trying to take advantage of those opportunities, sometimes volunteer opportunities to figure out how do I make those connections so then you can demonstrate on that but it is challenging. You've brought up a really great point because I teach in a graduate school in a cyber security program and many of my students are in that exact place, they're mid-career, they're pursuing advanced education in cyber security and they want to know how do I break in, they're still asking how do I break in and so you know it's a difficult challenge because ultimately at that level you really need an opportunity, you need someone to take a chance, to risk, really take a risk. You does a risk on a mid-career individual so I guess my advice really is more for those who have the capacity and authority to hire is to take a risk. Be willing to pick somebody who doesn't look like you, be willing to give someone an opportunity who has demonstrated perhaps academic accomplishment but has not had an opportunity to apply that in the workplace and give them an opportunity. Every single one of us I think will probably call out that somebody reached down and gave us an opportunity. What benefit does it begin to bring to the organization? We'll go back to the beginning which was we have a significant deficit of cyber security capacity in the United States. Numbers of, in the billions even, I mean I've heard worldwide from a deficit perspective and so if you're not able to retain and recruit and retain from college because particularly the top students are highly sought after and hard to get and hard to keep then why not invest in a student who has perhaps demonstrated capacity maybe even in a different career field but successfully but now is willing to make a change and has applied themselves academically to learn what they need in order to do it. Give them an opportunity. I mean what you gain is the maturity of a mature, of a person who's had a couple of experiences, been through a couple of things and so some stability and then give the opportunity to invest. I think I have a couple of thoughts and it just kind of combines everything. What I'm hearing a lot from women on stage and my own experience as well is it's a lot of who you know. So networking is key right and if it's a field that you're trying to break into go find that specific network and talk to people because it's going to be somebody who's going to give you that chance and if they get to know you a little bit even outside of an office setting that's what you're looking for right. I mean this world still works a lot until you know and so if you can find that right person and you can begin to establish a relationship in some level of trust that's easier for somebody to give you an opportunity than somebody who doesn't know you at all. My second thought on this is it goes back a little bit to the communication but also a value proposition right so if you're in a field that seems unrelated I challenge you to figure out where that link is and what value you can bring right so if you're in a communications field to me that one's a no brainer right but we could pick a music field right so it's mathematics and music that can apply to cyber and so and this we can go on we can play with this in almost any field but be able to demonstrate what that is right and learn if you come within a company and you know the business side and now you want to break into cyber because it's pretty lucrative field and I think that that's a really smart path to go down then demonstrate that business value because to me from a hiring manager the business side of it's invaluable I can bring in all the technical experts I want if they don't understand how the business works and that's one of the it's one of my aha moments having worked in the IT side several times and then going out to visit the field the users of the IT systems how much I didn't understand about their day to day what their challenges were with the system I didn't really know what they did until I went out to visit them so having that business perspective to me is invaluable because I live through that on the other side and so then the willingness to learn the cyber the technical part of it great I'm willing to have you but make that connection for them because not everybody might have that experience because as you say having someone you can go to and ask for advice is extremely important for anyone in the workplace but particularly when you're feeling you're different perhaps for some of your colleagues on the one hand can any of you point to organizations or organized networks that can be helpful and second have you any advice both for mentees looking for mentors or for mentors who feel that they have an opportunity to help and some advice to have how they should go about that let's start with the organized groups are there any networks that you can encourage people to tap into the International Consortium of Minority Cyber Security Professionals a fairly new couple years old great support from the Hill really focused on providing opportunities for minorities with cyber security from mentoring to providing opportunity to work in on campuses to get hands on experience in touching and manipulating and doing cyber in a real time way to pointing folks to fellowships providing fellowship and scholarship so it's ICMCC.org and it's a great organization but I'll mention two one is the executive women form and it's not just at the executive level they work to develop women along their career and it's not just women helping women it's everyone helping women with their schools in itself actually went to one of their conferences a few years ago and was just blown away by the level of the quality of the presentations and sessions both on professional development as well as technical technically. Another one is women in industry I know that's in energy I know that's industry specific so that's another good networking and it really has individuals involved that are all along the spectrum of that area. Up here I'm communications and electric association so do you know up here if you work in the defense industry or defense sector you know this so it's a DOD associated nonprofit organization and it has chapters all over the world especially it has some chapters in the DPA area and it focuses upon networking and also raising awareness on tech, defense, intelligence and cybersecurity of course these days so they have a lot of events, seminars, workshops and if you go to those events and if you do homework enough okay so this speaker is really interesting her background or his background looks so relevant to me then you should talk to her or talk to him right after the event don't just go there and come back right after the event because it's a chance to get decognized because when you are young or you are trying to shift your career path you have to have decognition and ambition and courage to take one step forward to change your gear to close the gap because the reason why you want to get into this field is because you see the gap and you can help out to close it so mine are the same, I participated in many events as well as the women's forum and I too speak highly of them, I think I'll give you a little experience for my capital one side they have a tremendous women in technology program that I found right when I started, I've only been there about seven weeks so this transition is still new to me but one thing that I'm actually fascinated with with this women in IT group is there's a brother group I'll call it called the male allies and that comes to all the events with the women in IT and the fact that they've actually named it is really fascinating to me because my own personal story most of my mentors are male and they're the ones that have guided me or given me opportunities along the way and my guess is if we dig into your stories there's men that took a chance right that knew the value and diversity and that were champions of mine to get me to that next level wherever that was so capital one at least has actually named it and they have people from various places within the business so that there's somebody that you can go through if you're interested who's willing to at least help you along the way potentially give you an opportunity whether it's a detail or you know a voluntary assignment whatever it may be but that's still real while we work to solve this problem That's great and there's quite a personal question it's like what is your advice to men and particularly white men who want to see the benefits of bringing people into a workforce that needs talent but you don't necessarily have the experience of mentoring particularly women and people of color in this space and it might be the advice to do what you do with everyone else but I would welcome your thoughts on that. Well so when we're talking about diversity sometimes the discussion only focuses on hitting the number and I think it's wrong because diversity should be inclusion as well to pay respect to different cultures backgrounds minorities and everything something different for me because they can bring values to your team or to yourself so my advice to senior male leadership is like okay so try to think about what you want to see happening to your daughter or your wife or your sister then because they might have a change of okay I don't want this happening to my daughter or my mother or my sister then they can personalize and okay so this is something I can offer to these women. Let's say do a gut check think about those that you currently mentor and maybe you don't even call it mentoring but it probably is think of those that you might pull aside and give some advice to or send them an email to say hey I heard a job is opening up and think about what they look like and then challenge yourself to get outside of your norm and to pick up someone who doesn't look like you someone who doesn't think like you someone who comes from a different background and my greatest joy from a mentor's perspective is that you gain so much from mentoring someone who doesn't look like you doesn't have your background and so but it's going to take a significant number of people that look like you even having that courage that's probably been spoken of in order to more quickly and sufficiently advance the number of women and minorities and cyber. I would just say there are many out there who are and so for those that are I would say speak up to your peers challenge your peers to be the same and when you see things going on around you that maybe you wouldn't have done and you don't approve of, don't be quiet you know challenge the community to continue to move forward in this area Right Lee, picking up something Randy mentioned this is a constantly evolving space and one of the things that you know better than I do is going to change cyber security over the next decade is artificial intelligence and computers doing the work that people currently do or they used to do in the past. That of course provides an opportunity for those people who get ahead of that game. What advice are you giving both to sort of girls at school or women and other people in the workforce who about future-proofing their careers and making sure that they're going to be in the best-paying jobs of the next decade? I was just on the west coast last week through a cyber fellowship actually having this conversation about the future of cyber and machine learning and AI. So to demystify some of machine learning and AI it is still math, right? We are still programming mathematically computers to do something better more efficiently optimizing something however even though it can learn and you can machine is now so evolved with enough horsepower that it can learn on its own there still nothing will replace human ingenuity and creativity, right? We have yet to teach a computer that or mathematically code that. So I caution against that everything is going away. I do think that the future of jobs is changing and I after two days of talking about this I have two daughters they're one in three I had a conversation with my husband how do we raise them to be successful in this next generation because it's not going to look like what everyone in this room went through and so I think that there's a few fields that are I think the medical field is completely safe from this for a while I think machines will help in operations and medicine but I think that's still good, right? And their computers is one of them though, right? So embracing this absolutely being able to understand the math and science behind what makes machine learning and AI move, this is higher level thinking that will be necessary to steer this in a good direction, right? If we're cyber professionals in this room we sort of think about the risks involved in some of this and AI and machine learning can be scary at the same time, right? So it's going to take a generation of responsible thinking youth to move this in the right direction but that being said STEM now becomes imperative in a background and absolutely at the K through 12, right? If you need that foundational understanding to be able to take these fields into wherever they're going to go which I don't think we can even imagine what that looks like today I find the question interesting because when you talk about how we're advancing technology all I see is opportunity. So I think for a cyber security field, security is ever increasingly more important and innovative ways to do so. So the way we have done security in the last 20, 30 years may not and likely is not the way we need to do security into the future. So let's kind of figure that out and let's be a part of that and you know, right along with this change. It's a project on the future of work and one of the things that we're taking forward is cyber security as an opportunity within that context as some jobs disappear potential to build new careers in this space. And that one of the real opportunities that we've been exploring is the potential for careers not just in the federal government but in local and state governments who are increasingly dealing with these challenges. Every one of you has spent some time in government and in the private sector even if it's a short amount of time. When people come to you and say, where do I get my start? Government, private sector, somewhere else? What advice are you giving them and what do you think are the pros and cons of different places to start your career? With the consultant answer, right? It depends. There isn't a cookie cutter approach on where to go. It's about where do you interest it in, where do you shine and then how do the opportunities match up with what you're looking to do now or it may be how does this opportunity help you get to where you want to be in five years or ten years. So it's really weighing them but I don't know that I would easily say, oh you must start in government or you must start in industry. It's really about what aligns with your interest and your passion at that time. What are the pros and cons of either? I'd say first of all that times have changed. We will likely have very few like me with 31 years in government. That time is probably past and instead we'll have folks, especially technical folks moving in and out of government and I think that is a phenomenal scenario because government gets the benefit of the experience they gain on the outside and then private sector gets the experience and bring it coming back and forth. So when folks come to me and ask here are the pros of government, stability, an opportunity to work on some of the nation's most challenging programs problems, an opportunity to serve not to be hokey but an opportunity to serve the nation and not having to worry about billable hours bottom lines but you don't make the pay and so that really is the balance is on the private sector side you can make more money. As far as working hard I think both can challenge you significantly to work hard depending on where you might land so I think you still get an opportunity to work as hard. You might have to work harder because you're billing on the side of private industry. The opportunity to travel I think both can provide that as determined by where you go and so you know it's really easy to say you get paid more in private sector and less in government but that is much deeper than that. When in government I had mid-career folks come out of private sector into government because they were ready to have a family they needed lots of leave. They needed the stability that provided. That's a very legitimate reason to come in and then after you've raised your family a bit then you can go back into private sector where you have some more personal flexibility. I'll tell you a little bit about my story and some of what I appreciated about the government and I agree with everything you said. There's no answer for this. All experiences get you to where you are and hopefully build on that from where you want to go. What I appreciated about the government is a tremendous emphasis on leadership development. There's opportunity and training galore in this space and it's not just reading a book. It's like in person training it's fellowships to network amongst groups and peers and really these people that you evolve with in your career that may diverge and now you have a person in another agency or in the private sector that you can still call upon because you have some experience. I've been through several of those fellowships and I call people all the time and they pick up the phone and it's like you just pick up right where you left off. The other thing there was a time in my career when I actually stepped out of cyber so I had been doing compliance and fisma compliance and I started having nightmares in red yellow green stoplight charts and I decided that there was more to life than red yellow green stoplight charts so I really looked for a good leader in government and again asked him what his biggest challenge was to try it and it turned out to be a law enforcement technology initiative and he needed helping communications and outreach. Let's give it a go. And I did that laterally. The government I think is one unique place where you can sort of change career fields and not have to start all the way back over. I didn't have to pay cut, I didn't have to go back to school. He was willing to leverage my confidence, the skills that I had built for my project and program management skills to apply it in a new area and again that intellectual curiosity of I can do this and if it doesn't work out then move me. And so from there I then became the chief of staff of that program and filled out my business portfolio so I learned all about acquisitions and budget and training and HR and then that's when cyber really started to take a boom and I came back in and now I had this really nice portfolio of not just the technical background but now all the business elements as well. This is when I stepped into the CISO role and created a functioning organization that included all of those pieces. But that was a risk. It was a risk to step out. Somebody had to give me a chance. I had to prove myself but it was knowing where I needed to fill out my portfolio to really be successful at a higher level which is where I wanted to be. The government afforded me that opportunity. Maybe the private sector would do. I simply don't know. Now on the private sector they moved that back. So government it takes a while to implement a system. Private sector I've now even in seven weeks there I've seen one stand up in a week. We need this. We've identified a need. We have the money for it. Let's do it. And they did. And so that's like wow. That's fun. That's kind of energizing that that would have taken at least six months to a year in the government and so and I know cloud and agile we're doing better and we're going faster at all this but it's still difficult in the government. So that's exciting and that really can be energizing to know that everything you learn about project management from like cost schedule, scope, triple constraint and you can do it in a week too and it still works. I have an experience in walking in the Japanese government, American think tanks, Japanese industry and American industries. So it all depends on what kind of opportunities you see and what kind of values you want to bring in and it's all about timing too. And so because numbers touch upon the benefits of walking in think tanks or academia I can share a little bit about my experiences. So I think the beauty to walking academia think tank is you can hold neutral positions and you also have a greater freedom of speech so you can publish a lot and you can also hold events like this to reach out to the larger population you would never think of in the government or in the industry because if you walk for private sector because you will focus on the specialty of your company or your specialty of the government sector. But if you're in a think tank you can be more creative. I'm not saying that the government or private sector are not creative but you have more freedom to come up with a project to reach out to also for instance visit about innovation and also diversity in cybersecurity and it's easier to think tank to do it rather than the government. There's a lot of people here who have some really great questions but I'm going to pre-empt that with one final question for myself. This conversation doesn't happen enough but when it does sometimes it goes well and sometimes it doesn't. So my final question is what bothers you about the diversity in cybersecurity conversations what are we getting wrong and how can we address that? It bothers me that it's a thing just in general and maybe it's because I'm a woman and so I come with a different perspective that I just want the best person for the job and I'm going to cast a wide net to find that whatever the job may be and yeah I'm going to be deliberate in making a diverse group because in my experience diverse groups are more successful. Let me be clear when I say that when I look for diversity I'm not always looking for certain jobs that need technical skills and that's kind of a no brainer. But what makes a good organization is the people period. You take care of your people you put together a high functioning team where you have an introvert and an extrovert that can pair up and bring the best out of each other, bring the introvert out, tamp the extrovert down. You have people that can, but it's true right? I mean you need to balance a whole team. So when I speak about diversity I'm looking for skills both technically and those soft skills that I want to balance out my team so that I know I need a new perspective. We've tried something that's not working. I'm going to bring in someone who I know thinks differently than me because I'm missing something. Again though I've had a lot of leadership training to not be afraid of that. That's sort of been my experience is that the teams that, the environments that I've been in that didn't work that way had some lack of leadership at the top that wasn't willing to take that chance and that's why I made it my personal mission to continue to go up that rank so that I could demonstrate it to others and start breaking down some of those barriers. That's not a golden answer that you're looking for, but it's my experience there. One of the things that we want to get to in this kind of conversation is how do we improve the quality of the dialogue so that we contribute to a better workforce at the end of the day. Anyone else want to chip in before we open it up? I sometimes feel frustrated when some people try to define really narrowly about cybersecurity jobs or cybersecurity career first because some people only think okay, so cybersecurity is just about technologies or solutions. Yes, technologies and solutions are so important and crucial to solve problems, but we also need skills, strategies, policy makers, lawyers, and also national security or threat intelligence or soft builders. As I said, because every single aspect of our daily lives of national security touches upon IT and also cybersecurity. You have to understand that everything around you is relevant to cybersecurity and maybe your job title currently doesn't say cybersecurity or something or IT, you can take advantage of your background from the past and the current one to say like hey, so I've been helping this to close the gap between this and this, so I'm confident that I can get into this field to take a job on cybersecurity analysis or strategies or policy makers, then because it is also helpful for your potential employers too, because then they can realize okay, I never thought about it, but actually you're right because this is relevant to cybersecurity, I need you. So this is all about closing the gap between building and winning a champion to end those years. You need to be more supportive of think tankers and lawyers. If you have a question, please pick up your hand, tell us who you are, where you're from, and end your question with a question mark. Start over here. And Yoon, my colleague, has the microphone. So for the benefit of people online, please speak into the microphone. Hi, I'm Kathy and I'm with Palo Alto Network. My question is one of the things that I have found about Palo Alto Networks, I have worked my entire career basically as a contractor for the government until I came into Palo Alto Network. In the last two summers we've had some amazing interns working for us, and I have nieces and nephews, I don't have children of my own, and I was talking to the interns trying to understand what it was that they did that set them apart from other people that got them internships at Palo Alto Network. And I actually made my nephew come in and meet all of the interns so that I could talk to him about what is it that makes you somebody that we want to have within our organization. So my question is what can we do to help these kids understand. I'm super excited about the Girl Scouts of the USA and the work that we're going to be doing with them. I'm a Girl Scout and my niece got her Gold Award that helped her get into college. My nephews all, they both have gotten their Eagle Award, their Eagle Scout from Boy Scout that also helped them get into college. So what is it that we can do from an organizational perspective to help these young kids understand what is it that I need to do to set myself aside or so that I'm more noticeable in this community so that I can get these types of internship opportunities. Most of the interns that we had, we found them. They didn't find us. So how do we find these kids, how do we work with these kids and how do we grow them? So to build on that, particularly within terms of more generally role, can the private sector play the help people in the community? Tony, the private sector has resources, got lots and lots of dollars, right? You know, public schools, local schools, particularly public schools, would welcome mentoring, sponsorship of programs. I mean, I know, I've done it since I've been retired. And they, with open arms, welcome you in. So look at how you might, in your local community, have an impact by investing in mentoring, in programs, in camps, in summer opportunities, in internship opportunities, in exposure opportunities to give kids high schoolers and even college students a chance. I think my advice is similar. I think there's many companies, Capital One is an example that really values involvement in the local community. So we're headquartered here in McLean and we are involved a lot with the schools and not just the colleges, especially the high schools and the elementary schools. We have big offices in Richmond, same thing there. So anywhere you see Capital One, they're involved in the local community. So as you're raising children, right, find where those local companies are that may have some program that you can get involved in. Capital One also has an associate rotation program I think. So it's students fresh out of school that literally rotate around to try to hit that more millennial mentality of let's try a few things so you can figure out what you want as opposed to committing to something and then jumping around very quickly to try to figure it out kind of the harder way. So that's a way that I'm watching where a company is actually adjusting to the new kind of mentality that comes out. They do rotate through cyber and sometimes we keep them and sometimes we let them go. But the girls who code those programs, that's an area to target also for hiring. I've done some events with them as well. It's just great opportunities now at that younger level to get involved and then set yourself apart. Mihael, also what are the things that you when you're looking for interns to pick up County's point, you say ah, that's an example of someone I want to. If young people are thinking how can they get ahead, what sort of opportunities should they be looking for? I'm interested in one thing, but the challenges young people often encounter is the lack of experience and lack of recognition and also they sometimes don't know what kind of job will be doing for them in the future. So I would advise trying to go into cyber security conferences or events in your local community as much as possible and also talking to people who are sitting right next to you or they're going to see who are thinking like hey, so I found your story really fascinating. How can we like you or something like that then you can start a conversation and maybe he or she doesn't have good advice, but they should have some contacts to share with you to help them to be a mentor in the future. Okay, I think we had another question in the middle. The microphone is one of our fantastic interns there. Hi, my name is Ashwita, I recently graduated from American University. I'm currently on the job hunt, which is a lot of fun. So my question to you I guess is during a while on my job hunt, I found a lot of jobs that are super technical for penetration testing, information security, etc. Is there really a capacity deficit on the policy side of things and as hiring managers, and this goes to you too, Ian, what would persuade you to hire someone of an international student or who someone is not American in this? I believe there is a deficit on the policy side for sure too. Particularly with, because most many of the folks who are in policy space today grew up, particularly if we're talking about government, grew up in the government, had a career maybe in other places in transition, what policy could benefit from is fresh thinking and that fresh thinking comes from experiences outside of government whether it's in academia or think tanks or a private sector and so there absolutely I believe is a need for more capacity on the policy side. What would make you pick someone for such an opportunity? I think having demonstrated, obviously wherever you came from, having demonstrated success in it, whatever your story, that you've had some success in it, but you've had some opportunities to learn and you're able to articulate that. I have to foot-stomp Randy's comments about communication, you've got to be able to communicate, you've got to be able to represent yourself, you've got to be able to tell your story succinctly because many times you only have a couple of minutes with someone to make an impression. Always have something ready to hand because again a couple of minutes it might be all you have and then take advantage of those networking opportunities to include big conferences like RSA, you know 40,000 people it's top because there's so many people it's overwhelming. There's so many great opportunities there to meet with professionals, to make contacts to schedule follow-on opportunities to discuss potential. So as a known, I used to be a known American student in Washington DC between 2009 and 2011 and I can totally relate to that as a foreigner here it's so challenging to get into the security field because well you have some differences here. But at the same time so I was so like working really hard to think about okay so how can I get a job because I was jobless when I was a student here and I knew that I have to find a job when I go back to Japan so I was thinking really hard like okay so I really need to get a job after this, after this and then I'm like okay so I have to be decolonized so I went to many conferences and I was sitting in the back because of course I was a student I cannot be a speaker but I did my homework. I tried to understand the agenda and also about speakers and I raised my hand every single Q&A session and tried to come up with smart questions as much as possible to try to be the members because if you're just sitting in the back you are nobody but if you can speak up just like you did you have a courage to do that and I'm so impressed with it and if you do that then somebody may talk to you after what okay so you ask a really good question and then you might start a conversation with her or with him or their colleagues or mentors and well this doesn't mean you do a job right now in the next month but maybe in the future you can get a better opportunity to get hired. The only additional advice I would offer is certainly if you're interested in getting into the policy world is get out there and write and talk and one of the advantages of modern technology is there are lots of avenues to get your writing out there and given the immaturity of this space there's plenty of white space where there are opportunities to provide your voice and quickly build yourself into the only person who's really writing in that space and certainly speaking for someone who recruits into a think tank I'm relatively confident that people can learn their subject learning how to write well and speak well is much more challenging if you can prove that you're halfway there if you can build your personal brand by basically have name recognition even if you're relatively junior you're halfway to getting a job and that's in some ways if you're coming from a slightly different background you have an opportunity some of the best sort of new cyber security related policy work is cyber security and something cyber security in states, cyber security and workforce issues, cyber security and international development is something we're doing here and if you come in with that expertise maybe geographic you can be different from everyone else in this space we're going to come over to this side and we're going to start grouping up some questions Hi my name is Meghnave Loy I'm with a non-profit based here in DC interviews and working for the global technology team so my question is really on how to combat some stereotypes I've similarly been in many spaces and rooms where I'm the only woman or been at conferences where we break out and the security group is the only woman and in the open source developer world the discreetly sort of the imbalances even worse so any advice that you guys have on how to deal with that I know it becomes increasingly frustrating when it happens so often so any advice you guys have so we and apologies to the men in the room but from a women's perspective we can be our best ally so go and recruit and go and talk to other women and introduce them to other people and pass their resumes around as a federal hiring manager I hired women I was proud of that so one day at a time and we'll change it by one hire at a time and you can begin to change the shape of that room and what it looks like but yeah it's going to be frustrating and we're not there yet there's a lot of room for improvement but we absolutely have ownership of that space so that happens don't be marginalized as the women in the room don't allow yourself to be an equal player demand it, contribute and demand the same level of respect and attention and opportunity to contribute as every other person in the room so stick your hand up we'll take three questions at a time and then we'll start to get into the fight you rapid fire on station so one here, one on the second row and one at the back on this side well thank you Montimini with the state department I work on communications around cyber issues so my question is really about kind of the current your assessment of the current brand around cyber security and whether or not that is inhibiting or helping to attract students that would not otherwise go into computer science IT to cyber security because you know when you think about some of the efforts underway with NICE and NIST you know these are things that you're already getting kind of the current pipeline but how do you get additional students who might not otherwise think about that and then in addition to that just what role the government could play in supporting that and specifically this model of apprenticeships that has recently come out in the executive order is that helpful or is that something that you think industry may not immediately kind of jump on? Thank you all very much my name is Haywan I'm currently at the World Bank doing Interactive Things for Agriculture project my question kind of builds upon from one of the questions already raised coming from professional and academic training and international relations and international policy background what would be your piece of advice to build technical skills as a woman who is little too old for Girl Scouts or the Girls Coding Program to really apply my policy and international development interest to average cyber security importance of cyber security in the field Hi my name is Anne Kogus and I'm an assistant professor of media studies at the University of Virginia and I do research on US-China media and technology relations but this is actually related to my students so in media studies we have predominantly female students who understand socio and technical systems really really well and I teach a class called media and cyber security and by the time they finish I was like how can I work in this field of cyber security and I would love to be able to give them better advice on specifically how they could leverage their experience in media studies understanding of the socio-technical systems to kind of specific entry level types of positions within the government or barring that like different ways to kind of get technical training at kind of not necessarily the level of engineering but at the level that leverages their experience and understanding to be able to kind of move forward in that career field because it's like rooms full of women who are just like how can I also be a technical professional and I feel like there's more that I could be doing there so thank you. That's very encouraging to hear but it does raise links to our second question. A lot of people particularly I guess in DC come out with positive degrees but recognize that they need to have technical smarts to get ahead. Outside of doing the Girl Scouts and doing a masters degree what opportunities are available and then picking up the question about sort of broad culture and other different ways of learning. Because I think cyber security gets a bad rep today and we need to change that. So cyber security people walk in the room and they're like no, what are you going to tell me I can't do today and that's wrong. We have to change that and I think that that was where the field started as we were bulking it on, we weren't baking it in and so we came in and said you got to stop that sort of bad behavior that we consider in cyber and do something different. We should be evolved enough where we added into the front now so we enabled the mission from the beginning. I think to your point earlier if we raise a more security aware and privacy aware generation this will be demanded so we can get out of this mentality. Cyber should be a mission enabler. Absolutely and I think if you do it that way and then you talk about some of like the protection and the defense side of it, it's really fun and exciting. And it's a way to sell this field where people may be interested that don't know it. That's my opinion on that. From the technical side you don't need to be an expert. I think you need to know enough of the fundamentals of the technical to know how it applies to whatever you're talking about in international or policy. There's so much open source training out there right now. Certified ethical hackers that's the fundamental of how a computer system works, how it could be attacked, how it could be descended. I kind of start there and I'm not even saying just doing that certification but learning how to go get that certification will give you some of that technical background that gives you some of those threads where you can at least speak it. And then from the media perspective I think that's fascinating. So what comes to mind immediately for that is training. That's kind of an outreach thing. We need way more people that can go and speak about cyber. So it's related to media a little bit but the general awareness training, user based training, how we go out and speak to people from that technical perspective in a way that they can understand it which media people are kind of taught to do to think differently about it. So that's an area that both federal and private I've seen both. I mean everybody has a fairly robust training program or they're certainly building it up. That's just what comes to mind first. There's probably more there I just need to think about it a little bit. On that media side almost every large federal organization, the Public Affairs Office today is going to have somebody who can talk cyber. Someone who's going to be able to speak technically. That's one source. Then in major publications, newspapers everybody now has got a cyber or tech lead and look for apprenticeship opportunities with the newspapers and print media as well as online media opportunities. Those are the two that come to mind. We'll work from the back in a few days. Right at the back of the room, then the lady in the back row and then the lady in the back row. Hi, good afternoon. Shana Cooley from DHS at Randy. Hi, the question that I have being that there are so many young students inside the actual room or young people that are coming into the actual cybersecurity feel how do we teach them to be secure internally? We secure systems from a confidentiality, integrity as well as an availability of information, but once they get inside the actual profession how do we teach them to be secure and confident within it? Because women just as much as we want women to come into the field is just as quick as they're leaving the field because they don't see people that look like them or when they're actually having the actual cyber discussions, the diversity within the field. So what recommendations that you can give to a lot of the young people that are in the room to teach them how to secure themselves first before coming into the field so that they can face or yield adversity once they get into the field and be able to maintain themselves in the field? I'll pin the back wall behind you. Sean Waterman, I'm a reporter with the Scoot News Group. Thanks very much for holding this event. I wanted to ask a question about government service in the current administration. I mean we have a White House where there are some senior officials who are clearly ambivalent at least about the prospect of large-scale non-anglo immigration into the United States. We have a president who has boasted about sexual assault. Is that an issue for government workforce cyber recruitment right now? One more. Third row. Hello. I'm from post-soviet space, formerly Fulbright Scholar, but practice at PCVE, so preventing and countering violent extremism. So absolutely in terms of defense security, right? A soft background with zero cyber security background, which is super important for PCV. So my question is actually two-folded. First, when you talk about policy people, how popular among your networks of policy background with zero cyber security background people? And second is what is the how popular is the investment into those who come with zero cyber security backgrounds into cyber security to gain certain training while doing cyber security. Thank you. Three questions. One about retention, one about the state of federal cyber security workforce and one about how to get those sort of policy smarts if you're coming from outside. Great to see another Fulbright in this room. So I've been talking to several young students to meet career women who have policy backgrounds and who do not necessarily have background of cyber security on their resume at this stage, but they are interested in getting to cyber security field. So from my own observation, I would say that the cyber security is getting really popular among policy people. So the next question is how to get into this field? Because I don't have anything on cyber security on my resume at this stage. But good news is that all of the organizations or government or academia or non-profit organizations do cyber security a little bit these days. So you can relate your backgrounds a little bit to cyber security saying that hey, so because I've been doing this and they are relevant to cyber security. So I have an amazing colleagues who have international trade backgrounds and she did an international trade policy in the government and she also helped trade association and she was able to take advantage to bring her knowledge and contacts to our company to help us to get smart about cyber security from international trade and international relations perspective. So I'm sure that everybody in this policy field can bring values to this field. So on that, I think Ian's advice is spot on. Publish something. So demonstrate your ability to take what you are an expert in and apply it to cyber. So first, if you're sending resumes in or if you're especially applying online, there are some key word searches. So cyber has to show up somewhere. So put it there. Put it in the title of an article that you've done so you can at least get through that automated check. But then just demonstrate that you have the capacity to go learn that you've done research in this area. So maybe you don't have any professional accomplishments yet, but that'll take you a long way in establishing that you're ready to enter this field. I can only speak to my government experience there where I've seen many policy people with no technical background move into this field because it was so new and it needed to be filled. So I think it's quite possible. I don't know how that looks outside of government. Sean, for your question, I believe that cyber is a nonpartisan issue. Do I think that the administration is having an impact on the ability to recruit and hire? I don't know. I think the field is exciting enough and there is a lot of opportunity that it's an area where, I can just say from a federal hiring perspective, we did not have a shortness in application. So we did not see any decline in that. We do have we did, sorry, it's not we anymore, but DHS had special hiring authorities that enabled us to hire better, faster, quicker and I never saw a drop off since the change in administration. And that final question, I encourage people to go seek out, right, to build a network either whether it's an official mentor, whether it's a buddy, whether it's somebody that they could just talk to about what they're seeing and then maybe find a leader that can help them navigate through it. It can be frustrating, I think it's still frustrating for all of us in this field, but it doesn't have to be so overwhelming that we're losing people because of it. But just to name it and actually begin that conversation, I think people will find that there's many that feel the same way and there's safety in numbers that way. I was just going to comment, I think you probably said almost everything I was going to say which is great, perfect. This notion of securing yourself if you are the one and only and feeling like you're the only one in a group, in a crowd, is first making sure you have a good sense of what your personal values are and that you stick with them no matter what, absolutely no matter what. And then you surround yourself outside of that environment with people who can support you, who can give you critical assessments of you who can help you to develop and grow and be confident in where you are and stick with your values. That's a great note on which to end. I know there are other people who wanted to ask questions, but we're very fortunate in that our panellists have agreed to hang around for a little while. So please come and ask them questions, get some advice, get guidance and we'll be hanging around for a little while. I just want to finish by saying a number of things. Firstly, thank you very much to our panellists who are fantastic and I can confidently predict this won't be the last time you see many of them on this stage. We will be returning to these issues. We have just incidentally completed a partnership with Florida International University who are very, very focused on diversity and increasingly interested in cybersecurity. So I think we're going to be returning to these issues. And for those of you who are not aware of it please check out our Humans of Cyber Security blog on Medium.com which is very much focused around providing a platform for women and minorities and others who come from diverse backgrounds in the cybersecurity community. Some fantastic articles, apart from anything else, but well worth the reading. And finally, thank you to Palo Alto Network to pay for our breakfast and help bring this event. And finally, thank you very much for all of you. It's important for I think the cybersecurity community to have these conversations and they're much better conversations if we have really great people engaged in them. So thank you very much.