 Oh, really? There's time to hear it came out, right? It came out. Well. Well. But Whitman came out. He was a moderate Republican. That was most definitely not going to happen. That's right. Thanks. Take care. Take care, Governor. Thanks. I'll sit next to you. Yeah. Thank you. All right, welcome. So we're going to spend a little bit of time talking about the cyber workforce today. As mentioned, I'm Ted Johnson, fellow here at New America, and newly retired from the United States Navy after a long career there. Once I left the Navy, the way people characterized the workforce was they used this word talent. It's not personnel anymore, and the military was just my sailors. But I love this word of talent for our workforce. And as has been discussed throughout the day today, there is a talent shortage when it comes to cybersecurity. But there is a distinction here. There is no shortage of talent. The United States has been blessed with many things, two big oceans on either side. Lots of natural resources and an abundance of talent here. And the question is, how do we access that talent appropriately? Not only do we grow our own talent, but we also attract talent from around the world. So brain drains for other nations tends to be a net positive for the United States. That's a good thing, particularly for the cyber workforce. Now, in thinking about what a cyber warrior looks like, what a cyber professional looks like, we can think back to the presidential campaign when they were debating about the hack into the DNC. And then candidate Trump mentioned that it could be Russia, it could be China, or a 400 pound guy in his bed. That's the perception of what a cyber professional is. And as everyone in this room knows, that's a little too narrow to accurately describe who is the cyber workforce and the amount of talent that we have here that can be leveraged towards some of these issues. 
So to talk about this, I've got Congressman Jim Langevin from the United States, from the U.S. Representative from Second District of Rhode Island. And then I've got Kirsten Todd, the Executive Director of the Presidential Commission on Enhancing National Cyber Security. Then we've got Angela McKay, Senior Director of the Government's Security Policy and Strategy at Microsoft. And we have General Buckner, who is the Deputy Commander of Operations for the Cyber National Mission Force at Fort Meade, Maryland. So what we'll do is each one of the panelists here will take about three to four minutes just to talk about the challenges they see with the cyber workforce, perceptions, stereotypes, and how we can better position ourselves to address the shortage. And after that, we'll do a short facilitated discussion and then open it up to Q&A. So thanks very much and over to you, Congressman. Very good. Well, thank you very much. And it's great to be with you all today and honored to be with my fellow panelists here who may have worked with over the years on this issue of cyber. But I'm glad we're holding this panel on cyber workforce because it's something that is incredibly important to our country. And I can tell you that we are woefully under resourced when it comes to the number of people that we have in the cyber security field. First of all, we need to start thinking about this at much younger ages than what we are right now. And that means whether it's in elementary or middle school or in high school. And getting kids comfortable with learning about IT and programming. And we've started in that vein in Rhode Island doing just that. Rhode Island just became recently the first state in the country, thanks to Microsoft, by the way. Thank you, Angela, offering coding classes to every high school in the state. So we identified the challenges that we have in this area. And at least in Rhode Island, and I hope other places, we're starting to do more about it. 
Beyond that, we also need to focus more at the federal level of thinking about how we bring cyber talent into the government, maybe non-traditional federal workers, if you will. The perception is that the hackers, the guys in the hoodies that are in their parents' basement, and they're just doing nefarious things. And yet that is the furthest thing from the truth. Some of these hackers, or I'd prefer to call them cyber researchers, that some of their PhDs or master's degrees, some of them just good at IT. And this is the thing that they do. They're tinkerers. They like to figure things out, it's almost like solving puzzles. And we need to do more to encourage that talent and putting it to positive use in the government, but in society in general. But I can say this, that the issue and the challenges in cyber security are not going away anytime soon. They're going to be with us for the foreseeable future for generations. And we're, as a country, that makes most use of the internet. We are most dependent on it, but we're also most vulnerable to its security flaws. And so we've got to do a better job of developing a cyber IT workforce and certainly do more to bring that talent into government. Very good. Thank you. Kirsten. Thanks very much, Ted. And thanks very much to New America for this great summit. I think the thought process behind it and really thinking through how to address these issues provocatively is important at this time. It's interesting. We talk about the hoodie and the hacker, the 400-pound person. I mean, who knows, this person could be in a nice half-zip sitting in their living room. I mean, this characterization that we have right now, we make the joke that if you go out to RSA and you see a billboard with somebody on it or a theme on it, that either means that you're behind the time for what that billboard is saying. And so we saw a lot of hoodies this time at RSA. So we might be beyond the hoodie. 
The commission that I was the executive director of was an independent bipartisan commission that concluded on December 15th. And it had six imperatives, one of which was truly looking at workforce development. And what was interesting was, in our first meeting that we held in May of last year, we heard immediately from large companies, actually large banks, that the issue isn't that we don't have enough workforce. The issue is that the workforce that we have is not trained effectively. Rest assured, over the course of the next eight months, we certainly heard that we don't have enough workforce. But what was interesting was really looking at both of those issues. And the commission came up with both short-term and long-term recommendations. And from the short-term perspective, it was how do you train the current workforce effectively? And one of the ways that we looked at that was this idea that actually translates across all sectors with cybersecurity, which is a change in thinking from the fact that cybersecurity is not optional. Cybersecurity is core to the mission of every agency, of every entity, of every enterprise, of every institution. And as such, it needs to be integrated into that core functioning and that foundation of that entity. And so how do you start to ingrain this idea of cybersecurity over the long term? But again, so from the short-term perspective, we looked at mid-career training programs. And we talked about a translation for those of you who are familiar with the Presidential Management Fellowship Program from government. It works for students right out of grad school. But we talked about doing it for cybersecurity, not only right out of grad school, but also as a mid-career training program. So pulling managers from enterprises, both technology-related and not technology-related, to train them in cybersecurity. We also looked at industry and government exchanges. And Angela and I were just talking about this. 
So I'll let her talk a little bit in greater detail. But we had several companies, including Microsoft, represented on the commission. And everybody talked about this idea that when you have exchanges set up between government and industry, it's very effective and it works. And what was interesting is some of the government people said, well, but we're gonna lose people to industry if you create those exchanges. And the statistics around this and the data around this are not actually representing that. And what Angela and I were just talking about, and again, she can go into greater detail, is actually the reward on both sides is very effective. And so two of the companies represented on the commission are actually engaged in developing this exchange with government and their own companies. And so looking at how to do that, to the congressman's point, we addressed a lot of the education issues. And this idea that if you are a first grader and you're getting a Chrome computer or an Apple iPad, then you should be learning cybersecurity right alongside of that. And when we look at how workforces are developed, they're developed through what you know inherently. And so when children talk about being a teacher or a construction worker or a doctor, it's what they are surrounded by. And so similarly, if they're growing up with iPads or Chrome computers, that is a fantastic opportunity to again integrate cybersecurity into what they're developing. And that develops a workforce organically and not kind of the bolt on at the end. And so ultimately, as we looked at these recommendations, both from the short term around, how do you train the current workforce to exchange programs and the longer term education and building this out and also looking at core curricula for institutions? The idea here is that cybersecurity is core to the function of everything that we're doing. 
And if we're truly going to create a skilled digital economy, we need to be integrating cybersecurity into all that we're doing and not make it an exception. And so hopefully some of the recommendations I know the government last year and there's some efforts that are being addressed this year are looking at how to work for that both from government and industry. But it's truly about creating a secure and strong digital economy and ensuring that everybody has the skill set regardless of the position description to truly understand cybersecurity in some capacity. Very good. Thank you, Angela. Perfect, thanks, Ted. And I'd also like to thank New America for having me here. I think we've heard from Representative Langevin and from Kirsten a little bit about the challenges domestically. But I'd like to broaden that scope just a little bit and put the challenges domestically in the context of what we're seeing on a global basis. So right now you have some two plus odd billion users around the world on a global basis online. And we expect in the next five years or so to have another two plus billion users coming online around the world. And so when you're basically almost doubling the internet population and you're doubling that internet population from a series of places around the world that don't necessarily have the same ways of interacting with the internet, they're coming online via mobile devices, families who are using a single phone. It ends up changing the dynamic that we have to think about. That entire global basis is competing for the same pool of talent. And it's not just government and industry who are competing for that. It's government, industry, academia, think tanks. This issue is so popular right now. And so you really have to think about not just fostering the overall talent pool but how you're going to position the companies and the government here to be able to retain that talent pool in a way that's effective. 
I think there's at least two objectives that I'd like to parse out in this. I think that we have to think a little bit about how to build the cybersecurity workforce. So those who are going to be dedicated and focused on cybersecurity. But we also have to think, and Kirsten started to get to this, about the overall cyber-savvy workforce. So how do we actually make sure that the general workforce has sufficient skills to be engaged with technology in a safe and secure manner? I'll give a couple of recommendations underneath the cybersecurity workforce and one or two underneath cyber-savvy. In the cybersecurity workforce thing, also try and highlight, excuse me, the sofa is really cushy. Highlight some examples of where I've seen some of these things work, kind of putting a little bit of a human face on some of the recommendations here. So first in the context of the cybersecurity workforce, I really think we have to focus on apprenticeships and exchange programs. And Kirsten started to mention this, things like the Scholarship for Service program that exists here in the United States, where you can get basically payment for some of your education if you go ahead and commit to serving in the government for a while is a really good thing. But the exchange programs where you start to have experience across departments and agencies within the government and between government and industry are really, really quite important. That's where we've seen from a very practical and tangible perspective some of the greatest learnings. We've done, for example, cert to cert exchange programs where we've had someone from a computer emergency response team sit within Microsoft's computer emergency response team, the Microsoft Security Response Center, and back and forth. And the reason that's so important is guys, they learn a lot. I have sat, for example, I supported the US government for a while when I first moved into Microsoft. It was incredibly different. 
The rhythm of business, the cadence at which business operates, and the recognition that you have to be working towards what are those returns on investment? You don't get kind of a very broad budget. You have to be able to demonstrate what the return is. At the same time, when people from industry go into the governmental side, they start to also understand how to bring together the different equities across departments and agencies, and that's actually not really easy. And also the space where a single failure on the part of the government can sometimes be the media coverage above the line on the newspaper fold. And so managing those kind of public perception equities is super difficult. A second idea is working on the career paths, and I know this has been talked about a lot, and I think there has been real progress in the idea of career path for cybersecurity professionals. But what I'd like to highlight is I think the military has done this well, and the private sector is doing pretty good here, but there's still a lot of improvements to be made. In particular, I think we have to focus on incentivizing people being able to have experiences in other domains and how that can still accrue to a career path, right? I've talked with people who are in, for example, I won't name the department or agency here, but I've talked to people who are in a U.S. government department or agency who wanted to come to the private sector, but they said, basically, if I go out, those two years of my time in the private sector will be basically time out, and I'll have to plug back in and start competing with people who are moving ahead. That just isn't the way. We're gonna have to incentivize that kind of multidisciplinary exchange. The last piece is just a little bit on changing the image. I was working on a job description earlier today for someone and I thought I was at the bottom and I thought this was really relevant. 
Most people look for, well, you want a computer science or a computer engineering degree or an international law degree with five years of experience. Well, when I think about it, a lot of the experiences and the people that I know don't necessarily have the quote credentials, unquote, that are very typical in this space. Actually, we were talking earlier before we came in that one of the best pen testers inside of Microsoft was a theology major in college and then he dropped out. He dropped out because he realized that's not where his passion was. And so what I'd like to say is I really think we have to think about the passion being a really key driver in the commitment and making sure that we think about diversity, diversity of gender, race, age, experience, education, all leading to an environment that fosters more creativity and innovation because that's what gets talent to stay. People want to have interesting things to work on. They want some degree of autonomy to be able to work on it. They want an environment that cultivates that. I have a few more things on Cyber Savvy but I think I might have gone my three minutes so I'm gonna hand it over. Very good, thank you. Thanks, I will pick up on that theme and also my thanks to New America and specifically to Ian Wallace and to you, Ted, for the opportunity to challenge the stereotypical hacker or cybersecurity expert in the military. I feel like my presence just sitting here in uniform. I brought a joint teammate there in uniform. You can see his hair is short and he has professional grooming standards according to regulation. Just that is a challenge. We exist. And as a part of a lot of these forums, well aware of the challenges that, the particular challenges that we in the government and certainly specifically the military have to attract this type of workforce. 
But I would counter that this mission of defending the nation in cyberspace has attracted some extraordinary talent and the department has actually and all of the services have listened over all of these different types of seminars have actually implemented many of the ideas that we have heard as a part of these think tank forums and exhibited an extraordinary degree of agility in adapting what have been longstanding processes across all of the services in the department to assess this workforce to build it and to keep it. And if not, and then we've made it easier to transition across to the private sector. It is here representing US Cyber Command. I work with, my teammates are the cyber warriors, the high end cyber warriors. And before returning to the Cyber National Mission Force, I did spend two years building the Army Cyber Branch, which if you think about the significance of that, we have infantry, we have armor, we have all these longstanding specialties. The last new branch in the Army was special forces in 1987 and that alone, the fact that we would now elevate cyber to that same specialty in order to specifically develop this talent and provide it with a career path, I think shows the significance and all of the services have some similar initiative. That's been extremely important. We now have the depth and the breadth of talent or to support the growth within these specialties. I'd also equate that to Alex's earlier idea that we've elevated cyber, that now cyber is not just an afterthought or an enabler, but actually part of an operational force, which is extraordinarily important because our talent wants to be a part of making a difference. So what's changed? We have phenomenal talent, technical junior leaders who are inclined to serve and U.S. Cyber Command and specifically the service cyber commands have now given that talent a home. 
They can start at the beginning and they have a career path that takes them all the way up to the highest rank or perhaps it keeps them doing exactly what they wanna be doing. They don't necessarily have to follow a well-defined path. And I love the idea that for every idea, you just wanna be able to say, give me an opportunity to say no because if a person wants to stay in but I'd like to do this, things like internships, fellowships, career intermissions to be able to go out, join the private sector and come back, we have all implemented those types of programs just for that. Also not lost on me is a change in military culture as Alex alluded to earlier, which was, I don't wanna say, perhaps he set a culture of failure but that would be a workforce that we want to find problems. We don't just want to solve problems and kind of build on successes but actually find problems and then do the, and we have leaders who then not only solve those problems but find more problems and develop their successors who also become problem finders. I'd highlight three specific people indicative of our larger talent. One is a Sergeant First Class. She's an E7 who has two PhDs. So in our enlisted force, two PhDs and she's instructing now at our Army Cyber School. I have, we do have a cyber officer who recently completed Ranger School. So a computer science graduate but also along the Army's premier leadership school, a cyber officer among the Ranger graduates. And then I also have our equivalent of the theologist and that would be a talented warrant officer with no college degree but yet contributing to our mission and in fact developed in partnership with a local university developed a college program for developers so we could make more people like him and give them opportunities that he didn't have. I close with four specific highlights. One is that this mission of defending the nation in cyberspace is a huge attracts our talent. 
The second is that the department and our military services have developed agile accession programs and career paths for all of them. Again, I just want an idea to implement because we want to keep this workforce. The third is that certainly diversity of talent, multi-discipline cyber team. Certainly we have computer scientists and engineers. They are the nucleus of our force but what really distinguishes our force is the outlier talent, if you will. The gamers, the visualization specialists, the data scientists, the lawyers, the policy experts they are a part of our team as well. And then finally, and we can't keep everyone that's just how we're built. But when we transition someone to government service or to the private sector, they are well grounded in moral and ethical training as well as leaders in their field. And I feel like that's also a bigger contribution not just within U.S. Cyber Command or the cyber mission but really to our government, to our country. Very good, very good. So I'm gonna move to the audience for questions but I did wanna ask the congressman. In the 40s or 50s I believe it was the Defense Department and the Defense Bill put in money specifically for math and science education to create the workforce that could come up with things like the GPS and stealth technology and precision guided munitions. What's the right legislative mix to create the next cyber workforce or to incentivize our public school systems and universities to fill these gaps we have? Sure, so first of all I'd like the CyberCorps program that exists right now. There are hundreds of college students who sign up at this program by which they, if they're accepted, basically their junior and senior year of college is paid for, they get a stipend of $22,500. And then they make a commitment when they graduate to go into cyber workforce in government either at the local, state or the federal level. So that's one example. 
I'd like to see more certainly public-private partnerships when you do incentivize. I think even at the younger levels I know that the presidential commission talked about this concept of encouraging more young people going to college from high school thinking about a career in cyber and having some type of tuition assistance program. So these types of things are more of what I'd like to see but beyond that I'd also like to see us involve more of the cyber research community in vulnerability disclosure programs. So my hats off to Secretary Ash Carter for being bold enough to embrace a vulnerability disclosure program that they called the Bug Bounty Program. And over a four week period we had about 1400 cyber researchers that participated in the Hack the Pentagon program. And during that time they found approximately 125 vulnerabilities in the Pentagon cyber network that in the public network that some of which were very serious. And it all cost about $150,000 in sort of a prize or reward money versus the significant amount of money or the million or a million dollar in millions range for the current maintenance program that we yielded about 10 vulnerabilities a year. So it makes great sense to do that. We're gonna see more of that. I know the Pentagon now is expanding that program. IRS is launching a vulnerability disclosure program. We need to do more of that government-wide. Very good. I'm gonna ask one question of the three of you and then we'll move to the Q and A. So in 30 seconds or so if the cyber professional is not the 400-pound guy on the bed and it's not or not just him, rather. It could be him. It could be him, that's right. So what is the profile of the next generation, the cyber professional today and next generation? Are there consistent themes across your different sectors that characterize what a good candidate for a cyber professional looks like? 
So Ted, I think actually that's part of the challenge is that we're looking to be very specific in how we're defining this person and it actually is any individual. I mean, when we look at position, I'll make the point about position descriptions. So my role as executive director was a role within government. It is listed as an IT specialist. I can guarantee you I am not an IT specialist but it's because as a policy person in cybersecurity we don't have the right lexicon for how to talk about these professionals and I think that is one of our biggest challenges in workforce is that we are trying to keep it as a very finite discipline when in fact, if cybersecurity is truly core to the mission as I talked about before of every enterprise, then this is the credential, the characteristics, the traits really span across what it is that every individual can offer. And as soon as we can start looking at that more broadly and truly be looking at different capabilities under the heading of cyber workforce, we are gonna be opening the aperture and opening the opportunity to create a bigger workforce. Yeah, I don't know. I think I'm gonna end up echoing a lot of what Kirsten said which is I think that one of the challenges is expecting that there is a profile or even two profiles. I spend a lot of time working on diversity in cybersecurity initiatives and I get questions particularly from young ladies and they want to hear, tell me the path. They're like, how do I do this? And we have some things that we can talk about. You can talk about STEM, you can talk about things like that but I think I would just agree that what I tell them is there is no singular path. When I look at my own experience, I started out in industrial and systems engineering, did network engineering, worked at a consultancy, then was doing some policy work and then end up in Microsoft, right? You know, it was meandering. 
So one of the things I really like about New America's initiative in this space humans and cybersecurity is that it works to illuminate all the different experiences that people go through along their way to this path and I think that that's a really illuminating thing particularly for young people. I don't want to say that there are not credentials or paths that oftentimes lead to this but I don't want to constrain us to a particular set of them. Right, and a general, certainly you have, I mean they've got to be able to run a mile and a half in a certain amount of time and get a clearance. So I mean, how do you? The clearance is an important aspect but I would actually highlight the ability to work as part of a team as perhaps the most important skill set or attribute that we're looking at. I don't think any of our problems could be solved by one person but that we're really looking for people who can both work as part of a team and again highlighting that multidisciplinary team as well as lead one of those teams towards a mission objective. So the team aspect is also a subjective attribute that you have to foster and I think part of that leadership piece that we're also looking for because of course to lead a team you also have to be able to be a good follower. So that's, I think the teamwork aspect is the most important or as a distinguishing trait. And I mean we have workforce shortages. I mean as we've all acknowledged but not shortages of talent. So what are the coping mechanisms to address not having enough people to do the tasks that you are respectively assigned? Is there, I mean we've talked about exchanges between private sector and public sector. Is there a role for cognitive technologies to replace some of the automated functions that we currently have assigned to people? Any thoughts on this? Yeah well so I do think that one should not either under or over estimate that technology is going to help and hinder the talent issue. 
Whether you're talking about cloud based services where you can actually scale the effect of a limited talent pool across a large user base. Whether you're talking about automation that can start taking and doing some of the functions that are being performed by individuals. Importantly enabling those individuals to do other important security functions that require different types of skills that can't be automated. I do think it is automation, machine learning, cognition and cloud will help. At the same time we still need people to be able to help build those things and as I highlighted earlier, we're competitive right now when you look forward over the horizon there are going to be more companies, more governments looking for this talent. And so I think we really do have to think about the kind of things that encourage people to think about staying in this kind of field and wanting to be creative and innovating. I think that that's equally important along with where technology can take us. Right. Kirsten, did you want to add? I would just add two quick things. I think one of the interesting elements that came up for the commission, somebody raised the point, well if you're investing in automation and you're investing in cognition, does this somehow take away from your need to invest in workforce development? And the answer is absolutely not. And I think that's a very important understanding that there's a balance here and investing in the workforce and investing in these new technologies have to be happening simultaneously and being able to work alongside. The other point in response to your question, Ted, is this idea that if you don't have the right workforce, it's truly looking at what are the abilities and the capabilities of the workforce you have and is that workforce efficient? 
Are the right skills being applied to the right needs and have you truly defined what your workforce needs are and ensured that that efficiency is there because oftentimes it's a matter of skill sets and training and being able, as we talked about to your previous question, to develop all types of individuals not to be narrow in what you're looking at as far as how to build out that workforce. Right. Can we start queuing up questions? I will ask the congressman. One of the earlier panels talked about the challenges of getting folks in Congress to speak and to understand the cyber lexicon in order to get it legislated appropriately so that there aren't gaping holes and when good bills with good intentions don't actually fix the problem because of the specificity of the language. So can you just talk about the challenges of addressing a very technical problem in the legislative process? Sure, well, there's a couple of problems. First of all, most members of Congress are not digital natives, right? And so a lot of times we legislate by analogy and sometimes analogies in the cyber world in this new technological age in which we're in doesn't work. I mean, the challenge of the Wassenaar Arrangement, for example, and they tried to apply a Cold War agreement on governing dual-use technology and governing intrusion software and preventing that from being shared so that governments couldn't use their technology in various ways, let's say. But the other problem is, besides not being digital natives and that will hopefully change over time as perhaps younger people get more involved in government and think about running for office and be elected to Congress but that's gonna take obviously time and maybe a generation. But the other thing that we need to do and work on bringing down the barriers of jurisdiction and that we have now some 80 different committees and subcommittees that are responsible for overseeing cybersecurity legislation. 
So you think partisanship is a challenging issue. Now you gotta deal with jurisdictional boundaries and challenges. So it's a frustration for departments and agencies that need to report to Congress on cyber activities. But it's a major reason why we haven't seen more cybersecurity legislation move its way through Congress. You think about the cybersecurity information sharing bill that just passed at the end of last Congress, that it was years in the making and the jurisdiction split kind of evenly between the House Permanent Select Committee on Intelligence and the Homeland Security Committee. And that was just two committees, for example, that we had to wrestle with that but there are more complicated pieces of legislation that multiple committees will claim jurisdiction over and it just slows things down. We need to streamline that process. Right, right. Great questions. Yes, back here, Todd. One of the barriers to getting more folks into the workforce in the short term is the credentialing requirement. You both spoke to it. I'm wondering what you think it will take to really get employers to thinking differently and more importantly behaving differently that relaxes the requirement of a traditional degree in order to be ready to take on the jobs that we're talking about. Oh, okay. Yeah, so this is one where I do think that even exchange, for example, into some of the human resources background can be really helpful and the private sector may be able to be a little bit more agile in this space than the government. I'm very, very hopeful about changes on the governmental side but I do think that the private sector is already a little bit more agile here. And so I think that we have to continue to understand that credentials will be asked for but start to make sure that hiring managers, for example, one of the things I did when I was hiring was say, I don't want you to screen out a set of candidates. 
I ended up with 200 resumes that I had to look at but basically by doing so, I wasn't automatically screening people out of the process. So once you have hiring managers who are actually giving instruction to and working with HR representatives to be able to help illuminate that there are qualifications and there are credentials and those are not necessarily the same thing. I think that that'll start the momentum and if you will, I think that that also then bleeds over to the exchange between government and industry because once someone has an initial job in this space because the field is so competitive right now even you don't even have to be the best at your job to be able to have a lot of options right now. And so I think just getting that first job and being able to kind of work with HR professionals and take on the impetus yourself as a hiring manager to be open-minded about that process will help drive the momentum in this space. And I would just to expand on that, I think that goes to the other issue around really getting at where the core challenges. And so we continue to look at this from the idea of who are the knowledgeable, the cybersecurity professionals within the organization. We have to do a better job of training the HR field because if you are human resources in a cybersecurity, cybersecurity is gonna be something you're gonna be hiring for regardless of what the key objective or mission of what your company is doing. Everybody has to be educated in this. If we look at spear phishing, if we look at where the vulnerabilities to any enterprise are, there has to be a basic level of knowledge. And when you look at hiring and credentialing, having that knowledge embodied in the human resources department is something that a lot of enterprises overlook because they rely on their senior executives to take that role on. 
Which obviously they need to be doing, but we need to be doing it when we talk about training, middle management, and we talk about training management, it's making sure that everybody has that capability for those who are looking at onboarding and also making sure the onboarding processes have cybersecurity as a key component of it. And General Buckner, I mean, I think private sector has something to learn from the military. You guys don't require any credentialing to become enlist and you offer all the training or at least most of the training that the soldiers need in sales area. So we've learned from the private sector. Really, in that regard? We've now equated much of our training to either academic credits or to professional certifications. And we've integrated a lot of those technical and technical, professional and technical qualifications within our military, our professional military education system. So we have tried to close the gap so that if you leave the military that you are credentialed. Right, but no credentials to embark on a cyber career. No, we include that as a part of our training. Oh, right, very good, right. So we're like at about a minute. So final thoughts, if you had a single bullet point to make on how to improve the cyber workforce challenge, like what's the one insight that you want everyone to leave with? One thing I was remiss mentioning, I should have mentioned earlier, but obviously the government is gonna be increasingly challenged to be able to compete with the private sector and bring in top talent into the government. And so bring down barriers in allowing people to come into government service for a time and likewise government individuals to go and learn from the private sector. That's something we need to focus more on. I'm very pleased that in the last year's National Defense Authorization Act, I was able to change the law that brought down a lot of the legal barriers for the Pentagon being able to do just that. 
And so that has now been addressed. We hope that the Pentagon can use those new authorities. I'm sure that some things are gonna have to be worked out in terms of practically how they'll be applied. But we want to be able to draw in private sector talent for a time. And there are many patriotic Americans that wanna do their part. They may not be ready or willing to be able to or have the desire to sign up for a 20 or 30 year career in the military. But they still wanna do their part. Now we brought down the legal barriers to allow them to come into government service for a time, make use of those talents. And likewise allow people that are in the military to be detailed to the private sector for a year or two and learn best practices in the private sector, then go back and bring those new skills and ideas back into the military. I think we need to look at more of that government-wide and bring down whatever barriers exist. Right, right. And I think I've heard that point echo throughout the panel that the ability to make lateral movements without being punished in your career. Always an on ramp. Yeah, right. It's a great model for other programs across government and what the representative did with that is really set up an aspiration for how government can truly work with industry in that capacity. Because as we've all talked about, that is really the key to exchanging information as well as just the knowledge and expertise. To answer your question, I would say that the one issue in looking at building out a cybersecurity workforce is letting go of an image or a profile of what an individual should look like and truly working with a talent base to educate and train all individuals involved in an enterprise in cybersecurity. Because there's no downside to that and you will get professionals who actually probably weren't aware of their own aptitudes in it. 
And at the same time, you'll be creating a deeper level of cybersecurity across any entity that's training those individuals. Right. Yeah, so there's a video someone showed me on YouTube once and I'm sorry, I can't remember the name of it, but it was basically about kind of what inspires and motivates people in their careers. And we make a lot of assumptions about that, right? And different people are inspired and motivated by different things. Some people are motivated by financials. Some people are motivated by stability. Some people are motivated by mission. But I think one of the things I found really interesting about that little video was basically that it talked about some of the most successful professionals basically are ones who are not always told the problem they need to solve but are basically given space to figure out the problems that need to be solved are provided sufficient autonomy to bring together teams, multidisciplinary teams to work on them and are given the space and creativity to be able to innovate, fail and continue to iterate over time. And so I think that there's a lot in there for us to be thinking about in terms of thinking and promoting the cybersecurity workforce over time. Very good. General, last word. Again, always an on-ramp and I think we're defying traditional accession and career models to be able to take talent, to on-ramp talent in many different ways. Very good. Thank you to all of you. Thank you to the audience. This has been a great discussion and look forward to the next session here with the congressman.