 Cyber readiness. Okay. This is also going to be on the final exam here on military in Hawaii. Okay. And this is Think Tech. I'm Jay Fidel. We have Jill Tokuda, Amalia Hilliard, and Michael Gardenas. And we're going to talk about cyber readiness and how it begins with you. But before we get into the mix on that, I just want to ask Jill one question. Jill, how is your campaign doing? Give us a crazy, will you? You know, we've got a week and a half before the general, and so we're not slowing down at all. In fact, I will be on every single island, all five of the islands in Congressional District 2 in the next week and a half, making sure people remember it's all about them. I'm running for them to make sure that the things we care about, you know, our families, our kids having a future here in Hawaii, a cyber secure future in Hawaii, I should note that we're able to achieve that. So it's going to be a lot of planes and a lot of boats and everything in between over the next few days. But I really feel humbled to be able to spend so much time with our communities throughout our state. So thanks for that question, Jay. Sure. You are so good. And now that you're coming on Think Tech, you've been on Think Tech before, of course. But now that you're coming on Think Tech two weeks before the election, your future is assured. I love it. I will take that. Absolutely. For every election, I will be on Think Tech. Okay, okay. I'm writing that down. It's also going to be in the final exam. Yeah. So Jill, tell us about cyber attacks on Hawaii. You know, what risk do we have? What should we be worried about? Where are they coming from? What are they like? How can we anticipate them? Yeah. Well, you know, we've had this conversation before. I think Michael and I were in a previous episode. And the reality is, especially in the last few years, as we have migrated more online, both personally for school, for work, and also for business, you know, we have become more reliant on our digital selves, on our digital presence. And as a result of that, sadly, the ability for bad actors to really, you know, attack us has increased tremendously. When we take a look at the FBI's report in 2020, over $5 million was lost in cyber crime in Hawaii alone. And we know that this is a gross under reported number, we know far more than that was lost by Hawaii residents, but they're too shame oftentimes to report it. They think it's not significant enough, nothing can be done. But the reality is, as we continue to migrate online, and we exist in both the physical and digital self, we've got to think about our own hygiene. How are we taking care of our identity? How are you protecting our business? How are you protecting our clients? And so really for cyber Hawaii, you know, we've been focused on making sure that our public and private cybersecurity capacities are as robust as possible. We want to make sure our workforce is able to handle the demands of the future. The Cyber Ready Hawaii program was an opportunity for us to really kind of bring both worlds together. We've got great curriculum out there that we're working with from the Cyber Readiness Institute that teach people how to be cyber safe and secure for their small to medium sized business and nonprofit. But what we realized was missing oftentimes is the human element. And you said it again, the very beginning, Jay, this is about cybersecurity starts with you. How do we really make this a learning system that brings in a coach, a mentor really that will guide people through the process and ensure integrity in terms of having training done and making sure that they actually are ready to both prevent attacks and quite frankly, to know what to do if it happens. And so I'm really blessed to be on screen today with Michael and Amalia, two of our amazing cyber coaches who have been with us through the Cyber Ready Hawaii program. And thanks to them, we literally have thousands of employees across the state that have now been trained and are ready to be the protectors of their nonprofit organizations and companies. And so it's been a great program and we are so blessed to have coaches like Michael and Amalia. That's great. Amalia, just a couple of weeks ago, there was a story in the paper about the airports, which are critical infrastructure. Of course, the airports have websites. The websites may not be operational infrastructure, but they are for the public and they reflect the nature of the airport organization. And there was an attack on Honolulu International websites as well as, I want to say, 15 other cities around the country. And what it suggests to me is that this is the moving target that is asymmetric, that if some guy, and this was, by the way, they said this was a national actor, a national actor. And I always think of the image of Vladimir Putin pops up in my brain every time with that straight face of his doing really insidious things. It's asymmetric, which means that he could wake up in the morning one day and think of something new, something he has never done before, attacking websites for airports as an example of asymmetric. And you don't know. You have no idea whether they're coming in the windows or they're coming in the doors, whether it's new or old or what. So how do you keep up with that? Well, when you say how do we keep up with that is basically how do you keep up with minimizing the disruption to your everyday lives, whether it be airport security or whether it be our fuel lines on the mainland or whether it be our banks and our trusted networks. The idea is that our behavior as human beings is still alluded to before, that we become more vigilant about our own security when it starts with us. Cyber Hawaii does a really good job of stating what needs to be protected and things that you, little things that you can do individually to create habits, these little habits that make us more secure and safe and the environment so that hackers, whether it be national, local or otherwise, we minimize that disruption to make sure that they can't attack us in those ways. We talk about passwords. One of the things that cyber coaches we've been dealing with these small to mid-sized businesses and we get complaints about, oh my gosh, I have to put in 15 whole characters and I'm like, well, if it was your checking account and it was going to be drained tomorrow, would you be willing to put in those same 15 characters? And the answer is, of course, yes. But we really have to have that kind of vigilant idea and approach to all of our security, whether it be, like I said, our computers, our telephones, even at things like people charging their telephones on their computers and their telephone being hacked because they responded to a Costco phishing email and thought it was a good deal and it actually gained the access and they happened to work for, I don't know, an air conditioner or HECO or someone and then all of a sudden they've infiltrated that system. So it really comes down to that behavior on an individual basis and that we try to be as vigilant as we can and think before we respond to an email, before we plant something and when we choose what our login passwords look like so that we can make sure that we're doing the best we can with us within ourselves to protect our information and therefore all of our facilities. So you train other people around the state, businesses and individuals, I suppose, who want to get trained, but who trains you? She mentioned CRI, who is a national company that we worked with for cyber Hawaii and in addition to that, I actually own a cyber company here in Hawaii. My husband, as we talked about military, we were in the military for over 20 years and retired and we provide that same service to the federal government and I happened to be one of the people who just recently graduated and of the 300 cyber AB candidates in the United States that passed by test to be certified as a cyber person and therefore qualified to help businesses and individuals in their cyber hygiene to make sure that they're ready for these attacks. So Michael, how wide and how deep does this go? For example, are you focused on protecting against dealing with doing troubleshooting on attacks or are you also focused on, for example, military contractors who need to strengthen their systems? Is that part of your training as well? Absolutely Jay. So today, you know, cyber security is part of our everyday lives. It's something that we all should know about. We should all have that cyber hygiene to keep our personal data protected, right? But in Hawaii, you know, a lot of our industry is focused around the defense economy, the defense industrial base, federal contractors, those who work with the federal government, right? And what's happened over the past few years is a lot of talks about how to secure the supply chain and meaning not just the government itself, but everyone who does business with them as well. I guess the thought there is, you know, the supply chain, if you can't get into the DOD, why not hack the small business who may not have as much security there, right? So there's a lot of requirements now. We call it NIST 871. They call it CNMC. There's all these acronyms out there that's thrown around. And what it means for us small businesses, and I'm a small business as well, is that it's just very, very confusing, right? So Cyber Hawaii is a great program. We advertise to small, medium-sized businesses and nonprofits, anyone who wants to sign up for the program. And we help educate them, not just on cyber hygiene, but also the small steps they can take for becoming more secure so that they're compliant with, you know, the DOD and government guidelines. Okay, very important. So, you know, Jill, you guys are so professional, so cool, so scientific, so, you know, methodological. Won't you get ticked off that there are people out there for all the worst bad reasons who spend their time thinking of how they can bring us down? I mean, you know, it makes me angry. I'm angry thinking about it. Don't you get angry? You know, I think it just gives us even more momentum and energy to get out there and make sure people are safe at the end of the day. You know, this program, you know, and Michael really, you know, said it clearly, it can be confusing whether you're a small business, a medium-sized business, or a large business, even utilities, financial institutions, regulation compliance is constantly changing. The threats, as you mentioned, are constantly advancing and getting more sophisticated. It really, this program is how do we make sure that we're connecting on the human level to get people to understand how to be flexible, responsive and nimble to the attacks that we know will continue to be increasingly, you know, more sophisticated and difficult to perceive. And it can happen to anyone, you know, one of our cyber coaches was telling me how he has his organization, he's a local affiliate with the national, and he got a call from his HR department on the mainland that said, hey, do you really want to change your bank account information? You know, I got your email this morning, but it's really hard to switch it back. And he had not sent that email. His HR department had been the target of a phishing scam. And honestly, they had, you know, they didn't second guess it, they were going to transfer the account, but she happened to know this individual. So she waited for the time zones to be appropriate. And she called them up with this, you know, this individual, this hacker was clearly focusing on the fact that it was, you know, someplace that has a Hawaii and a mainland organization, they may not check time zones sometimes preclude us from making those phone calls. And had it not just been for a friend on the other side of that email, our coach would have had his paycheck going into someone else's bank account. So anyone can be a target, it's highly sophisticated these days. And again, it all comes down to our strengths as individuals, really being able to perceive threats, and really being able to mitigate them. Yeah, and figure out, you know, make the analysis of where this is coming from, what the extent of it is, how wide and broad and deep is it. The other thing I was going to ask you is that when you have the training, you know, a good part of the course is technical, talking about information technology, talking about computers, you're talking about getting into the mind of the attacker and trying to figure out how to how to how to blunt that somehow or avoid it. But the other part has got to be the fourth power part, the people part. In other words, they come to you, they sit in a class or whatever, whether it's, I don't know if you do the zoom or in person, you're sitting in a class and they say, oh, do I really have to be here? It's not a problem. I haven't had a problem. I'll just listen and look at the ceiling while Amelia tells me to score. But this is really not mission critical for me. And how do you get by that? Because you've got to get them in the right frame of mind. You've got to get them to understand the threat and to listen to you. No, absolutely. And I will say this, and I'd love to have Michael and Amalia talk about this, but one of the most critical components of this again goes back to that human element. And there are requirements to be, you know, in order to get through a program that every single employee from your receptionist, you know, your secretary to your CEO has to be trained, because everyone has to understand the role that they play in ensuring that cybersecurity and that defense for the organization or company. You know, and I think our coaches do an excellent job of really making this personal and real for folks. And, you know, I'd love to hear if they've got some stories as they've had to drag some companies and organizations through the training process. But also you have a lot of aha moments when people really start to get it. That this, it isn't someone else's problem. I can't just hire a vendor or contractor and think I'll be okay. And in too many cases, as we know, when they say, oh, don't worry, I got a guy. When stuff hits the fan, they realize they don't, they don't. And this is what it's about. Yeah, Amalia, so you tell them a few C stories about about, excuse me, about cases that have happened and when businesses really got wrecked. And then maybe they wake up and maybe they get more excited about it and they stop looking at the ceiling. How do you do that? Can you give us some, some of your own techniques in getting their attention? Well, I would say the first thing first is signing up for cyber Hawaii because most people don't even understand that that's a need in the first place because I haven't been affected, but someone made me do it. And so they're, you know, reluctantly, they may be there. And so far, because of COVID, the classes have been via Zoom, and maybe they can be in the classroom at one point in time, but you have to make it personal to them. They are part of the supply chain, as Michael mentioned, but you have, we have 13 military bases on these islands. All right. And this small footprint, the majority of the work, especially small to me, but it's here on Island. So if they're going to attack anywhere, it's going to be here. So you tell them, look, what happens if, because you didn't want to put in that 15 word or passphrase, as I call them, into logging into your computer so that they don't get hacked, and you can't go to work for the next three weeks because you were hacked, because the company lost the viability of that contract because they are no longer trusted, because we couldn't not plug our cell phone into the side jack of the computer, or, you know, the USB, because we wanted to download our photos from our vacation, or from a conference that we attended, and it attacked the architecture of that company. And so when you make it personal to them and understand how it affects their pocketbook, nine times out of 10, most people do respond to that and actually want to pay attention. And again, I spoke of those little habits. That's literally what it is. It's about having cyber hygiene at the forefront of your mind when you go to do anything to say, how could this effect, or could it affect our company? And what does that mean to me and my family? Because ultimately, that's why we're working, right? We work to live. We want to, and make our paycheck. But if the company's been shut down because of something, you don't want to be that guy. That's why one of the guys told me, I don't want to be that guy that accidentally came back from my conference and plugged in something and unknowingly infected our architecture. And so you do have to make it personal. And I think that that's not a hard connection for a lot of our small businesses in Hawaii, but unclogging the spectrum of what cyber, and NIST 800 was mentioned. This scratches the surface of that. There's a long way to go, but it's clarifying what all that means to them in a language that they can understand. And therefore, they can learn to attack the situation and be more proactive in terms of making their cyber hygiene better. What do you say to them when they say, look, I spent $99 on a virus protector, and it says it can also identify phishing. And I'm set. I'm set about it. You don't need to tell me anything because I already have all the software protection that I have and my friends have and my co-workers have. And isn't that enough? Right. And the answer obviously would be no, because we have that. One of the little known factors, and not to make this about antivirus software, is that antivirus software is not manufactured in the U.S. A lot of that's actually manufactured overseas. And right now the government has by America in place for that reason. And I will tell you that a lot of the ones that we have are not effective in necessarily protecting our network architecture. And so again, it goes back to your vigilance and understanding what you're allowing into your system and doing the best you can because you're not going to catch all of it. But if we do the best we can, at least we've got a step forward in that direction. Michael, should I be concerned about a certain graphic software that is actually very popular in the United States? I'm not going to name it right now online, but maybe later I'll tell you. And it's very good. Very good. It does a lot of things and comes up with new versions and all that. But I noticed one day that in between screens it had some Russian Cyrillic there. And I looked it up and found that it was made in Russia. And in Russia we know about the oligarchs and you know we know how Mr. Putin operates and we know how they feel about the United States in general every day, every minute. Should I be concerned about software that is coming from Russia? Like Amalia says, you should be concerned about any software that comes from anywhere. I mean to include the US. You should be very cautious about what you choose, the products you choose to put on your computer because your computer also holds your personal information and for a lot of us it's your personal information and your work information and holds everything. And so every component you add to your computer or your mobile phone, it's just another attack surface. And so we talk a lot about keeping your software updated in the Cyber Hawaii program, the Cyber Ready program. That's step one. Just always keep your software updated because every day, every minute, they're releasing software to patch these vulnerabilities that are being found on the fly. To an extent, there's not a ton that she can do because the alternative is not to use the software at all. A lot of cases, maybe what you're talking about now is it's very popular. It's very mainstream software that's very feature rich and helps you do your job really well. So the answer is never really clear. But it takes me to a larger issue and it's a cybersecurity, especially in the military context, especially in these hit and run experiences we have like with the airports. And that is, you know, they say, you know, that it is testing us, testing us. So it seems like a little know nothing kind of attack. But there's, and it doesn't do that much damage, you do some damage, but not that much. And it's all a way of getting, of laying time bombs in our machines, of establishing draconian networks around the country. That's why I worry about this Russian software, you know. It's not just me. I can get new software, but it's the notion that there's little pieces here that could connect one day. And so I'm wondering, how much can we do, should we do, about the notion of creating all these little attacks as testing grounds for much larger ones? That's actually real. And what that is, it's kind of like back in the day, they used to have these little scams where you would see a penny come out of your bank account. And everybody's like, oh, you know, not sure what that's about. And they kind of got that right now. After this show, we got to talk about it. Exactly. And the idea is that they're testing to see if they can even get in. And they're doing something small that seems inconsequential, so that they can plant those seeds and their, you know, their leaderboards up there going, all these are the accounts that are vulnerable. And so when it's time to actually do the massive attack, they know exactly where they're going. And so you need to pay attention to those little things. You know, whether you have, you know, a lot of companies can't afford, you know, companies that come in or network security, companies that can do a full on install for cybersecurity for them that manage their networks and look at what's kind of happening on their networks. But at the same time, if you have what we're calling controlled and classified information or CUI, that's government related work, which is one of the reasons, you know, for military in Hawaii, there's this new initiative to get CMMC certified by 2026, is that that's a supply chain that they're planning on attacking. And how do we protect that information? Are you doing a good job? And the NIST 800 that Michael was talking about is part of that. And these companies, it's been around for generations are now saying, I'm good, I've got 110, I'm perfect. And now it's time to pay the piper. And all of a sudden we're not. So we're having to now go back and do our homework. So those people that got those little invasions of network, you know, whether it's that penny in the bank or these little cyber crimes that happen to them have to really batten down the hatches now, because when the big one comes, we got to make sure that they're ready and that those avenues are not available to them. So let's talk about reporting this upstream. So if I, if I'm an ordinary, you know, worker, and I see something funny on machine, I'm not sure what to be looking for, but you can tell me, if I see something bizarre in my machine, then I got to do something, right? I can't just say, I'll just reboot, it'll be better later. I have to do more than that. So what do I do Jill, what, you know, what is the protocol on this? And suppose I go to my boss and I tell him this or her, and they say, no, it's funny, that sounds pretty bad. What does my boss do? Where does he go to? Does he go to you guys? Does he go to some special, you know, agency in the government, state, federal, what have you? Because, because, you know, if I find it, or my company finds it, it could be everywhere. And there has to be somebody who, who can look at this and analyze it and deal with it on a, on the highest possible level. How does that work, Jill? Absolutely. And first of all, if you go to our Cyber Hawaii website, you have various resources you can tap into, including where you can go to report. If you have been breached or hacked, or you, you suspect some kind of malicious behavior has been put upon you. I would tell you, though, the real strength of the Cyber Hawaii program is our coaches walk you through developing incident response plans, processes. You don't have to have a CIO or a CISO in your company, but you have to have a point of contact that is going to take charge if something should happen or to be able to really address a situation that could get worse if an employee encounters it. And so really walking through the paces of creating this incident response plan, having a cyber leader within your company, and that is required for this program to have a point person who'll be your cyber lead and training them up to be that leader for the other employees and being able to know how to respond if anything should happen. And hopefully, eight out of 10 times, it's absolutely nothing. But we do want people to start yet into, you know, working that muscle where they always check twice, if not three times. And so the Cyber Hawaii program really is about making sure that the people have the processes and the response plans in place to be able to deal with both keeping themselves safe as well as dealing with an attack. Yeah, it's a village. It's not just you. It's everybody in the company or maybe beyond that. Yes. So Michael, let's go to you for a minute. Okay. And so I have something bizarre on my screen. I say, you know, this is I'll just reboot or you don't know, do I'll reset the whole thing. I'm going to I'm going to do I'm going to reset my computer and just, you know, reload the software or download whatever I need, you know, and so forth. Is that a solution? You know, I think that's what a lot of us do, right? It's not working. It's acting funny. Just reboot it, right? That doesn't work. Reboot it again. So on so forth. But we're trying to solve the issue in front of us so that we can get back to what we were doing. And I think part of being aware of cybersecurity and aware of attacks is knowing that these little incidents, these little problems that these pop-ups on my screen or this weird cryptic message that's scrolling across the top of the bar. That could be evidence of a cyber attack. And so going back to what we're talking about about incident responses, recognizing little activities, little behaviors that it's unusual, right? Suspicious and then taking the action to, you know, enacts my incident response plan. Okay, I'm going to call IT. I'm going to call our security provider and then have them look at this because maybe I don't know the whole picture. Maybe this is going on on my neighbor's computer as well. Right? And it's not just ice. But if I, if I clean it off completely, there's a couple of issues there. Number one is I may lose data. Number two is worse than that. They may have my data. They may have taken my data somewhere in the process. So I've got to have backup. No? What are your thoughts about backup? Where does that fit in all of this? And should it be done on a machine by machine basis or a network basis or, you know, a corporate basis? How do we, how do we handle the question of backup in case somebody is, could steal our backup? I mean, our data, yeah. The answer to that, you know, data is like currency these days. Your data is everywhere and your data is what makes your business, your business makes you successful. You need to protect it all the time. You need to take multiple backups, back it up to the cloud, back it up physically. Because in the event where you're compromised, you have to erase your whole machine, you need to be able to come back with that, right? And we call that business continuity. If I lose my data, I can't just be dead in the water. I've got to be able to come back. It might take a day. It might take a week, but I have to have a way back to my original state, right? A lot of these ransomware attacks, you know, from what we've seen in the business like, you might actually pay the ransom. It doesn't mean you get your data back. You might pay the ransom and you might get your data back, but now that data might exist on the dark web as well. Right? And so a lot of times they just release it anyway. And so what you're trying to protect, you know, it's gone, right? What about insurance? Cyber insurance. That's a whole different topic. Cyber insurance will help you, right? They will cover these ransoms, but now these days, there are requirements to get cyber insurance. Much like there's requirements to do business with the DoD with CNMC, there is requirements to get insurance. So very much the same things. You have a plan. Do you back up your data? Do you use multi-factor authentication? They will check these things now before they give you a policy. So that's good. That's good. You know, I'm remembering, Amalia, Merisk. Merisk, you know, the shipping company, global shipping company. And somebody attacked them maybe a couple of years ago and brought them down. They didn't know what container was on one ship. All their data was gone. And, you know, they had offices and branches and what have you all over the world. And they were having trouble communicating, too. So they had a meeting in London for weeks. They brought all their managers and all their, you know, IT people into London. And they recreated their whole system. And you have to give them credit that, you know, they had the moxie to do that. And they did it, you know, in real time, almost immediately. But it was very expensive business. You know, it almost wrecked their whole global, you know, enterprise. Yeah. So the question I put to you is, if you have a corporation, you know, with multiple offices and all that, you probably need a plan so that what happened to Merisk wouldn't happen to you. So that there's, you know, all kinds of systems and troubleshoot and corporate arrangements to deal with even the worst kind of attack and get you back online. How does that fit in what you are teaching? How does that fit in the expectations that Michael was talking about, where the government expects you to have certain protections like a plan? Is that involved? Yeah. So it's what Jill spoke about earlier. And again, Cyber Hawaii is trying to teach us to get us in the mindset. So the first steps is that behavior. So the incident response plan that we actually help put together with the program. Okay, we actually help you walk through that to understand what's meaningful to you, your data, your currency of your company, to how that should be protected and what you're doing to protect it. We talk about putting all these things together if what happens happens, what you need to do. That's something that signed off. Then we actually do a training program that we actually walk you through for you to be able to train your employees based on your current circumstances at your company, be it small or you don't have multiple companies across the globe. And it's just the one, or if you have three or four of them here in Hawaii or on the mainland to understand what that could look like for your company. And then we actually put together what's a plan of action in milestone questionnaire and it's based on the government's requirements. I don't want to get into too many more acronyms, but basically so that you can use that to then take a next step to if you need further assistance of protecting your information for companies to be able to assist you or maybe what we've done is enough for the size company that you are. I spoke about it earlier, what we call classified, sorry, controlled and classified information. And then we also have DFARS, which is the basis of Defense Federal Acquisition Regulations, which is the basis for the plan of action in milestone that you would have assistance and put in place through Cyber Hawaii. We help with all of those things right out the gate. So that you have a plan and I tell you what that plan and everyone's like, oh, do you know how many resources and how much money this is going to take and how much time? The answer is, yeah, it's going to take a little bit. But the bigger answer is how much would it take or cost you if you don't do it on the back end. And that's what people, unfortunately, like Merce and others have found out the hard way. So the idea is spend a little bit of money now and a little bit of energy and effort now versus the millions or hundreds of thousands that will cost you later. Yeah, no question. Every day you spend building your company, every day you spend improving the systems and to lose that is really tragic. What's that worth? So Jill, you know, the last area I want to ask you about is the going forward part. You have some very talented people here. That's obvious. It was obvious the last time we met. And I just, I worry about the future. I worry about those actors, including state actors who come and nibble away at you. And then one day they decide they're going to go in for the big one for one geopolitical reason or another. And they're going to take whatever they have learned about the systems, including military systems, and they try to break everything. And now it's much worse. And, you know, maybe hopefully you can see that coming. You can smell it coming, you know, that you can have software that can, you know, anticipate it somehow. But how is this organization going to be able to deal with that? You will need more people. You will need more management, I think. You will need more teacher people and technical people. And it'll be not only for, you know, the public in Hawaii, but it'll be for the military and contractor community. I suggest to you, Jill, this will happen. This is a vulnerability that will increase and a risk that will increase. What are you going to do about it? Well, you're absolutely right. Sadly, unfortunately, this is not going away. In fact, it's only going to increase. You know, we talk about these bad actors, they don't discriminate. They don't recognize any boundaries, you know. And quite frankly, they're only going to get worse over time. And so for Cyber Hawaii, our strength, if you ask me, it really is our people. And you're seeing it right here on this platform as we talk to Michael and Amalia. It really is the ability for us to train up the leaders, the coaches, the folks that will be in the businesses on the front lines, defending our cyber identities, keeping us safe and secure, you know, every single day, whether it's in the DOD or quite frankly, the nonprofit down the street, everyone's going to have to understand that they have a role to play in keeping themselves, their organizations and the state and country cyber secure. And so, you know, one of the things we're proud of at Cyber Hawaii too is we have been focused on that next generation. As you said, the threats will continue to come and it'll only get worse. And so we have been very supportive of programs like CompuGirls Hawaii, GenCybers, CyberPatriots. There's so many programs out there focused on making sure that literally from kindergarten, are we training up our kids to recognize potential threats. But more important, we have black cats out there, but how do we have white hats that are really going to be able to counter the attacks and intrusions that we see. And I would love to train up a whole bunch of them as a workforce right here in Hawaii. So we will continue to be on the front lines of defense. We've talked about that, Jay. Hawaii is strategically located in a place where defense is always a part of our life. How can we make sure that we have the cyber soldiers, quite frankly, that are going to lead the way for Hawaii and the rest of this country. And it starts with us training programs like this. It starts with supporting our university. The university of Hawaii system actually helped to create a robust pool of interns that worked with us on this program. And quite frankly, we'll continue to help us with a help desk for this program. So our strength, again, really is our people in Cyber Hawaii, but quite frankly, here in Hawaii in general. And it's about us making sure we train them up, support them, and deploy them into the field to make sure, as you said, when those bad actors hit, we're ready. Okay. You know, we have expert expertise, for example, in hospitality. We're an international tourist destination. We have experts in everything around hospitality. And we export that expertise. In other words, somebody goes through the process, the learning process, the business, the promotional process, here in Hawaii on behalf of that industry. And then they go to other locations, other destination resorts. So, you know, that's an exporting of our expertise. What about this area? Can we create a workforce with such expertise that they could have a job anywhere, anywhere in the country, any part of the federal government, or, you know, whatever, or industry? Are we capable of that? Are we doing that? Should we do that? Will we do that? Absolutely. And I'd love for my girl and Amalia to add on in terms of their own personal experiences. But I will tell you that one of the unintended consequences and very positive ones we've seen from this program is we've had a hard time keeping our cybercoaches, Jay. And I'll tell you why. Because as they've interacted more with individuals out in the industry and with businesses and organizations, they've been pulled away because they are talented. And we have recruited from a number of different places, folks that are already in the workforce that are looking to diversify. We've had college students and graduate students ready to go into the workforce. Again, you know, this program has really shown us that we have strength here in our local workforce. There are jobs, there are opportunities. Now can we create that pathway to make sure that our children, our workers are the ones to fill the jobs we know are going to be here and have to be here as well. They can't be our greatest export. And we can't import in that talent. We have to grow them locally. But I would love to hear Michael, Amalia, share their stories in this area. Yeah, Michael and Amalia, you know, why don't you comment the way Jill suggests, but we don't want to put any ideas in your head about leaving, okay? You got to stay here. We need you here, okay? Go ahead, Michael. Absolutely. Thank you, Jay. Thank you, Jill, for the opportunity to be in this program. This has been just an amazing experience for me. I actually started out as a company applying to go through the program. We are in cybersecurity. We know how to do this, but what was hard for me was to dedicate the time to actually go through and set up the incident response plan to build the SSP, right? And so having someone there just to guide us through has just been so, so valuable. And we see it with every company we interact with, they are just so thankful. It is free, but it costs you some time for sure, right? But you have someone there who knows what you need to do. We are there every step of the way giving you the resources and the feedback that you need to get through this, right? In terms of the future, a lot of folks that I've interacted with, I believe they've actually come back through and applied to be coaches themselves. So what I like the most is that as we go out and help other companies here in Hawaii, we're just so much like family that we've come back through and we help another person out in the end, right? So coming together as an industry, you know, Amali and I, we're both CMMC RPOs. This is something that we do in our day jobs, but kind of being able to do this as a volunteer, not profit, it's just a great, great experience. Amalia, how much of what Michael said you agree with? Oh, all of it for sure. In addition to that, we've been lucky and asked, we're actually located in the Manila Innovation Center. And so we've actually had interns from the cyber engineering or computer engineering department actually interned with us over the years, and we're able to allow them in the internship into the DoD spaces to understand what it is that they could be doing in cyber. And that right there is the magic, because again, we have 13 bases on these islands. We have a very focused group of graduates coming out of our universities and colleges, and they're hungry, they're here, and it's they're smart and capable, and it's just being able to give them those opportunities. And for companies having the resources to do that, to bring them in and let them get, you know, life work right here on island and get the security clearances or whatever else they need to do in order to support the federal government here on island and grow this base, because there are, I think the Director of Cyber Security told us something along, because he was here visiting us, right, Michael, a couple weeks ago, and there's 750,000 open jobs in the United States right now on a regular, continual basis. So the opportunity's there. We just have to figure out a way for our engineers, computer analysts and everything else who have an interest in cybersecurity to get them into those internships and to those job placements where they have the opportunity to learn and therefore teach. And then we can start that tranche of people just staying here instead of having to hire off island in order to support our federal government that resides here. Yeah, at least some of that can be virtual, can it? That's the way of the world right now. So Jill, we're at a time that I want to offer you, you know, I want to say, for example, to go back to our original conversation here. This is a great organization you've built. It's a great legacy you will, may I say, be leaving behind at some point, maybe in two weeks even. But I would like to offer you the opportunity of saying goodbye and leaving a message to our viewers. And your potential clients. No, you know, I just want to again reiterate that the success of cyber Hawaii is the strength of all of our people. We have some amazing members. We have coaches and we have leaders, we have partners in the Cyber Readiness Institute, the University of Hawaii, you know, all of our higher education institutions here in Hawaii, our Department of Education, our businesses that have all come to the table with the understanding that we cannot stand alone against the cyber threats and intrusions that we are seeing that at the end of the day, defense has taken on a different form and it will continue to and we have to be prepared and we have to make sure that we have the workforce ready to stand up and defend us. And it's just been a real honor for us to work with amazing coaches like you see here, all of our members, and quite frankly, we're going to the need is only going to continue to grow as we talked about. And so I'm excited to see where cyber Hawaii goes from here. I'm excited to see where every one of our coaches go from here. We're not going to let them go too far. But they are needed. They are so needed, Jay, as you all know, in terms of really being out there to protect us. And so thank you for always hosting these conversations. And I think it's only going to continue as we go forward. What a great chapter for all of you to be doing this. You know, at the end of the day, you're helping people and you're helping Hawaii businesses and you're helping Hawaii. And that's the kind of thing that great gratification. And it's gratifying to talk to you too, I might add. Jill Tokuta, Michael Cardius, Amalia Hilliard, thank you very much for joining us today. It was very, very helpful, very educational, and it will, it will, it will certainly stick here on Hawaii. Thank you so much. Thank you so much for watching Think Tech Hawaii. If you like what we do, please like us and click the subscribe button on YouTube and the follow button on Vimeo. You can also follow us on Facebook, Instagram, Twitter, and LinkedIn, and donate to us at thinktechhawaii.com. Mahalo.