 My name is Wally Repko. I work for the Department of Defense. I've been there now about 17 months and I came there with one purpose and one purpose only and it's trying to figure out how do we leverage all the good ideas that come from the private sector who owns the cyber domain who can help us operators in the military. Okay and what I'm going to show you today is kind of that that approach that has been presented probably 150 times in the last 17 months. It's getting a lot of traction. I'm here to show it to you now because when we get into some of these major war games I either have to have awareness to what the capabilities that you all bring to the fight or I'm going to turn to that four star admiral and give him a phone book. All right that's the challenge that we're facing today. You've heard if you're in that last briefing you hear all this talk about this public and private sector partnership you know and you sit back and some people roll their eyes because you know doggone why aren't we already doing that. So how do I leverage between where I am in Washington to where all of you are? Okay how do I build that that that construct because the bottom line today is I will tell you that the government is trying to figure this out. All right now the key is we got to do it non-traditionally. We got to think differently. I am surrounded by a lot of knuckleheads. Okay they're process driven. All right but this is all about doing things quickly and smartly and I can't do it without you. So I'm going to show you what we've been trying to accomplish. This is what I deal with every day. Okay I'm trying to jam a capability into a hole where people just don't get it. You all get it but I don't have awareness to how to get to you. In fact I don't even know what capacity you're at today. That's part of the challenge. There was a gentleman that made a comment last time in the last meeting that said are you only talking to companies? Well there are people within the US government today that focus on the defense industrial base. Okay that handful of large companies, general dynamics, Lockheed, Northrop and all the respect to them but the preponderance of intellectual capital resides with some of these folks here in this area and this is my first Black Hat, my first Def Con and I think my first Black Shirt and I'm delighted to wear it but my interest is to be able to leverage each one of the communities of interest that you see up here. The academics, the research community, young bucks that are out here that are researchers in and of themselves, I need to tap into you. I know you're thinking about intellectual property thoughts, hold on, I'm well aware of the sensitivity. We talk about corporations, we're not just talking about the big guys, we're talking about small businesses, those innovative firms, three or four people that work in the basement, the venture capital community and wouldn't it be nice to have an investment team sitting there willing to help you? In fact wouldn't it be even smarter to have the government co-invest in that opportunity? Now how do we do that? I don't want this managed by the government, I want this managed by the private sector, why? Because I understand accountability, I understand deliverables, I'm all about making sure things happen. That bottom circle, all right, those are the wizards I'm referring to. I showed up in a major war game in May, 600 military and we were talking the Pacific scenario. Part of my team were the hackers and patriots, they're my advisors, why? Because when we saw something happen that I didn't understand, I would turn to that one advisor who had his network of hundreds of advisors and they would go out and say, how would you approach this? That was the value, this is all about the one on many principle. If I know one of you and you have your network, now we have the opportunity to actually work it out. Entrepreneurs, this is all about thinking differently. You're the thought leaders and finally the government departments, but I have a bunch of hard nuts I've got to deal with. I'm not talking just about people, there's a trust issue out there. I work in operations and requirements of the Air Force and I'll tell you that this day not too many cyber requirements come across my desk. That's concerning. On the other hand, I walk down to the hall to a different service, Department of the Army, Department of the Navy and you'll find that they're doing very similar things, but we're not talking to each other. That's ludicrous. If we have a limited amount of money and we're not talking to each other and the domain is owned by you all, we've got to figure out the mechanism that allows for that to happen. So this is what I did, literally. I walked into my office one day and I drew a line down the middle of a piece of paper. I called one side public sector and the other side private sector. And you see in that little goal part up there, I said the private sector is made up of big and small businesses, made up the labs, the research community, it's global in nature. But teetering on that line is government, can't get away from it. Am I going too fast for anyone? This is not rocket science at all. But these are the two questions that keep coming up. Hundreds of companies of all sizes come to me and will say, Raleigh, what are your requirements? And I'll say, what can you do? What's out there? What special capability can you bring to the fight? I have got to have awareness to that in advance so I can build my playbook when a war game happens. So I need something that captures all of that. What I've got now is this donut, this neutral entity that I'm pushing. Some entity that allows us to broker, collect information, and reach out to all the knowledge nodes that you see out there, both on the left-hand side of the screen, as well as within the public sector. So what's a knowledge node? Knowledge node is you. It's the company you work for. It's the solution you may have developed. It's the process. It's some issue that's both domestic as well as international. I, however, have to be able to get to it. Now, there's a mirror image, as you see. There's knowledge nodes that sit within government. And that's a lot of the academic institutions that are out there who do a lot of good things, but there's a lot of redundancy. And I've got to have awareness to the best of breed from all those best practices and databases below. But as you grow this, I've got to have governance. I've got to have some type of board of advisors sitting on the private sector side. Now, how are they picked? I don't have a freaking clue. But I can tell you, having sit and run on publicly traded boards, that how difficult is it to identify a mix of talent from a big business to a small business, to a hacker, to an advisor, to an academic, and have them be incentivized to be part of the team for 13 or 18 months, rotate, bring in new talent, and then talk to the folks on the public sector side, individuals like myself, who have my own network. Okay? This is where the seeding and feeding of challenges ought to take place. And we need to do it through this neutral entity to kind of manage and take care of those intellectual property and other issues. Now, from an executive or from an execution perspective, I currently work for the Office of Secretary of Defense, that big blue circle. But we've got to collaborate with a lot of the folks that you saw at the table earlier, DHS, DOE, Department of Energy, Department of Justice, various states and locals, various countries. Got to have that awareness. But how difficult would it be to establish some type of smart database to make this happen? It shouldn't be that tough. But this is the question that gets everyone's goat, the money. Alright? Look where I put the package of gold. I purposely put it on the private sector side, because what we have to figure out is, how do I award you? How do I reward you? How do I incentivize you to get involved? In fact, how difficult would it be to get venture capital to put money into that pot for specific challenges? Have it be matched by various agencies that you see up on the wall? Now, I know how to track you. I can be darn sure that if I do give you money and you start to produce and do well over the next two or three years, that as a venture capitalist, I'm going to get my money back. But this is an opportunity for the government to get its money back to put into various programs, programs like training and incentivizing issues that you heard earlier. But we need creative minds to figure out what should go into this package. Right now the government is very interested in seeing a framework that works, but we've got to figure out whether the elements need to be part of this. I can tell you right now there are people in the federal government that are trying to boil the ocean. What we need to do is break up the framework into its various elements, bring in the experts, and pursue each one of the areas that are being mentioned here. So I'm going to show you what took place in a major war game back in May, and there's one that's going to take place here in October, which all of you can be involved with. That little star up there represented that particular war game. And it was taking place in an epic year, 12 years from now. We had 600 participants, all the major services, we had countries involved, et cetera. But what I was trying to prove is what's the art of the possible today? All right, so as the game goes through its various phases that you see from phase zero, phase one, in a war game, these typical war games are five days long. Okay, at the beginning everything is green, no problem. And then malware and things start to happen. Both to the network, you've got cords being cut, you've got a lot of issues taking place. While this is going on, these various teams, the red team is trying to make the blue team's life miserable, you've got white players, you've got industry cells, et cetera. Okay? But they'd show up at these war games with six companies. It's like having six companies stored into a safe game saying, hey, I've got some Antec in my back pocket, we're already. But I'll tell you, the challenges that come in this war game are ones that you deal with and we're not familiar with. So what I did was I jumped over that wall. I had a workshop and I invited 1,000 people to participate. What I had to do, however, was to make you familiar with what we do in the military. Give you an idea of what a mission is all about. And then you started to jail. Now, the issues that we brought to the war game were real. For example, if I was to impact the GPS clock, okay, think of the impact it would have on everything from phones to unmanned vehicles. Again, from an operator's perspective, these are challenging issues. Well, when I start approaching that question to 1,000 innovative and creative folks, you saw some incredible responses come back in. Okay, this is what I refer to as the art of the possible. So even though the game was going through five days, which represented 12 years from now, I proved to the DOD that there are capabilities out there that could solve the problem today, tomorrow or in three months. And the responses came in said, I'm a small company, but I can do it if I could find this type of partner. I need a couple of million bucks and I'll do it in three weeks. Three weeks, not 12 years, right? What that does for us is I will incentivize you and raise your awareness to our government leadership saying there's capability out there today. And so as you look at the flow here of us reaching out to all those knowledge nodes, not just small business, but labs and international and academia, we got all kinds of inputs. Now, there's a really important point here. This war game was classified. All right? So part of my team was to sit there and take each one of the injects, those challenges that took place each day of that week during that war game and sanitize it, write it in a manner so that I can send it out to all of you. In essence, I'm extending my reach, my operational reach to participants that have never participated in an exercise or war game in the past. And the responses were incredible. Some were a little crazy, but we got some really fascinating inputs. You see the word anonymizer up there? Okay? That allowed us, as we are sending the questions out to the free world, to protect in essence what our vulnerabilities are. But we couldn't make the question so generic that you didn't understand what we were talking about. So we knew that if you knew how to respond to the question, in most cases, we knew that you knew what you were talking about. All right? And when we got an input that looked interesting, we then contacted you. All right? Now, when you started bringing your responses back in, we used the anonymizer to protect your input because your ideas, your creative ideas were ones that needed to be protected. So that was our approach to intellectual property. But the bottom line was, we used a 501C3, some entity down in Bozer City, Louisiana, called the Cyber Innovation Center, to be our clearinghouse. So we took a classified inject, sanitized it, went to a dot com node, transmitted it to the dot com node at this neutral clearinghouse, and they sent the requests out to the world. Within two minutes, we started getting some responses. Within five days, we had 128 inputs that came in, and they still kept coming. Now, we had to validate. And part of my role was just to prove to the Defense Department that we need to extend our reach, get out and be able to reach out to those knowledge nodes because they'll be willing to respond. Again, we haven't looked at how we incentivize, that's where you go out and say, how would you like to be incentivized? These are the questions that I'm interested in finding out from you. The bottom line is, we went through a hot wash, the four star, the secretary, Defense Department leadership saw the results. As a result, now I'm building this for the Defense Department. And we're going to be testing this in a major war game is going to take place in October called Unified Engagement. Now, this game was strategic. The game that's coming up in October is operational. It means I need an answer immediately. But unless I know what capabilities can come to the fight so I can build my playbook in advance, I'm not sure where to throw the pass. That's the challenge that the military has today. They'll show up at a game and they'll have a handful of tools, but they haven't leveraged the intellectual capital that's out there. And to me, that's concerning. So when you look at the collaboration piece in and of itself, these are all the various steps that you have to go through in today's environment. The military operator says, I got a problem, I need something. And we got to go through requirements developers, programmers, etc, etc. And that process takes a year and a half. We're just talking about, you know, technology, as I mentioned depreciates like I had a lettuce. So how do we do all these various steps quickly? That's the thought process that I'm applying today. Now, I just as I mentioned from an approach perspective, I've got to have awareness to what you all do in advance. I need help there. What we do is we host a workshop, we open up to the public, you come in, we have breakout sessions. And before you leave that workshop, I have at least knowledge of three core competencies that you or your or your specialty area brings to the fight. Okay, that's how I build the playbook. Now when I show up at the war game a month later, when I see something that looks kind of funny, and I know that you're the solution, I throw the pass in your direction. Okay, sanitizing the war game. The next big challenge that we have right now, the government is very open towards getting away from traditional clearance management. Okay, and it's not perfect yet, but this is an opportunity for us to now reach out to you and allow you to respond to our challenges by sanitizing a classified issue, the trust issue. In order for us to maintain trust, we even in government have to always be talking to each other. Okay, having an industry cell made up of folks like yourself at a war game is nothing novel. The problem is, the guys, the leaders that wear the stars on their shoulders that push the button, if they don't know anything about you, and you may be sitting 10 feet away from them, they're not going to rely on you, because they don't know you. They don't have the confidence in what you bring to the fight. So we've got to ensure that we're always communicating. They have to have awareness to what you're all about. Using a neutral clearinghouse is a new way of thinking, because that entity becomes the broker, it becomes a repository. And if it's neutral, it doesn't have a stake in the game. It's not Northrop Grumman, I'll do respect to them running that entity. It's some neutral entity like a 501 CX that allows us to do everything that we're proposing here. The anonymizer ensures that from a little extra property protection, I'm protecting your creative ideas. At the same point, you're helping out the operator. But here's a really critical issue. The right mix. When I show up at a war game, I got to make sure I have my Jack Bauer team. Okay, they got to be the top of the game. They have to know their business. They have to know where to look. They have to be able to assist us with the game. And it's not just all Air Force or all military. It's a mix of individuals that are in this room that make this palatable. At the end, we go back and we look at the lessons learned and we throw the questions and the challenges back out to you saying, how could we have done this better? All right. That's what this is all about. That's the collaboration that we're looking for. And again, this is not for free, because I know for many of you, yes, you have a lot of patriots out there, but we're here to incentivize your attention. Okay. How do we do it? Well, I need some creative ideas there. But putting a pot full of money out there and having it sit there and knowing that we can spend it quickly. Well, that makes a lot of sense because there's a lot of models that work from that. But we've got to take a look at that carefully. And then we've got to continually rehearse a lot of these war games, these tabletops, so that we're proficient. These are the types of companies that I brought to the fight. Okay. So when I talk about Black Hat, I went to Jeff Moss, I said, Jeff, I know you have a lot of talent in your back pocket. When I see a challenge related to, you know, some type of malware that I have no clue what it is, I'm going to share with you. I don't need to know who you talk to. Help me get an answer. Okay. There's one little company up there called PGMP, Pretty Good Malware Protection. It's like three people out of Austin, Texas. All right. This is the type of talent that I see out here today. These are the groups, again, one on many. I go to trade association. I don't need to look at every company. I go to the leader of that association. I say, how many companies in tech America know anything about cyber? How many understand CNA, CND, CNE? How many of them are small innovative companies? Okay. They should have that answer if they don't. Basically, that's part of my concerning issue. So in conclusion, I'll be delighted to take any questions you may have, more than 85% of the critical infrastructure is managed by you all. So when the government comes in and tries to modify the acquisition cycle and says we need to do it ourselves, without talking to the private sector, there's something wrong with that discussion. Okay. We need to really think about how do we leverage the talent from the private sector, which includes big business, small business, academia, patriots, hackers, venture capital. We've got to be able to think beyond the dip, all the respect to the defense industrial base, a lot of the innovators move a heck of a lot quicker than those big companies. Trust, huge issue. How do I go beyond that? I got to have awareness. I got to be able to know who you are. I got to work with you. I got to understand what you're up against. Having capability awareness is a real issue. I will tell you that I've met with hundreds of really cool companies that come to my office and they sell a certain bell or a certain whistle. But the concern that I share with the Defense Department is this. I don't know what capacity you're at. So if I get hit in a major malware and something really happens and I tap you on the shoulder and say you're in the game and then you tell me, well, Raleigh, I'm only about 20% there. I got a problem. I got the clock ticking. I got the four star up there wondering how we're going to fix it. I got to figure out how I'm going to integrate a challenge while the hacker is doing what the hacker does well. So I've got to have the awareness of what's out there today. I believe that the neutral, you know, having some type of neutral clearinghouse, something independent has real promise. You know, I've written about this online. There's thoughts out there, but I'm wide open to suggestions on what ought to be included inside of that entity. It's not just one entity. It could be hundreds of neutral entities all talking to each other and managing all the knowledge nodes of companies and capability are out there. Okay. The key here is speed of need, not speed of thought. And this is not about me. This is about we. And we're trying to leverage that. The sanitization process was not easy for me to get the blessing from our leadership, but they knew full well that because the preponderance of expertise is out there, I needed the ability to go out there. So they provided me with sanitizers, specialists in security. Now, how difficult was that? I just asked the question. Okay. It works. These are the types of new thoughts that we're trying to get. And finally, let's stop trying to boil the ocean. Okay. This is hard work. But if we break it down into the elements, and if you're a specialist in one area versus another, well, those are the various teams that we need to do. In all due respect to the White House reports that came out that said we need to have a czar, and I got that. We've been there, right? That's up here. Now we need to build something, take action. And that's what this is all about. Okay. So, I can tell you the last 17 months has been a tremendous opportunity, but the key here has been I don't do a certain, I don't do a day without talking to my private sector partners and I meet more of them day by day. And that's really the incentive that drives me through that parking lot at the Pentagon, and has me work long days to try to figure this thing out. So, that concludes my presentation. I'd be delighted to take any questions you have. I still have about 15 minutes, but thank you all very much. Question? I think they want you to use the microphone. Yes, sir. Do you think there's overlap in your mission with the CIC? That's what you're trying to do with the CIC with U.S. SIRT or SIRT-CC or the MSISAC and what they're trying to do in bringing some of this public private partnership together? Right. I mean, the issue of overlap is always a concern because, you know, today there are a lot of investments in the various organizations that gentlemen mentioned. I reach out to all these organizations. All right? I started out Air Force only. I knew that in order for me to be effective, I had to go to DHS. I've been to DC-3. Steve Shirley knows me. Well, same presentation hasn't changed. Okay? What they like is a framework that now works. Why? Because each one of the organizations that you've mentioned is a knowledge note in and of itself. So think of it almost as a charm bracelet. I'm trying to build the mechanism that is the bracelet itself where each one of the charms from DC-3 to the ISACs, etc. hook on to that. Okay? We're not competing. We're enabling. All right? So but we got to have the mechanism that allows, you know, the preponderance of information to flow. So yes, I do collaborate with them all the time. I'm wide open. Again, this is not about me. And the cost is in not talking to those organizations. Thank you. Yes, ma'am? Hi. Hi. I wanted to ask you what you meant by, like, capability. You've spent several sentences on capability in terms of knowing it in advance and treating it as if it was something that could be quantified. Right. Is that correct? Is that your definition? It is. When I use the term capability, I'm talking not just about a tool. I'm talking about a person, a solution, a process, you know, something that will enable the fight. And we're talking about integrated capabilities. So sometimes I use the term to represent all of the above. But when I'm referring to capability, I'm referring to that type of cyber knowledge, etc., that's out there that I can leverage. Yeah, I guess something that I can tell you from my experience doing different open source projects and just working in sort of this community is that capability is extraordinarily dynamic. And I think that you're going to run into some problems with the different definitions of the word. Capability isn't really something you can determine in advance with any, you know, hard, 100% got to know it. And the mindset is that the capability emerges from the situations we're put in. That also has to do with your question about incentivizing. Money's okay. Money's great. It buys stuff and we get paid with it sometimes. But incentivizing, at least for me, I'll work on a problem for free if it's interesting, you're going to have to express them in a way that really engages the imagination. That's going to be up to you to be able to express those things. And these are, I mean, from the capability issue, terminology is huge here. I mean, I, for one, understand that. And I'm all, you know, open. People come in and say, you know, don't see tomatoes, potato. Got that. I'm wide open for that. As far as incentivization, I will tell you that the government is trying to understand, especially in OSD. OSD is moving pretty quickly. They're very interested in figuring out how to do it. But we're not quite sure on what will incentivize you. Because I've met with folks saying, I just want to be part of the game. I love this stuff, man. This is great. I got that. I'd love to be able to categorize those folks saying, these are in it for, you know, because they're enjoyed because they're patriots. These over here are a bottom line. They want cash. Okay. What type of cash? Again, did you hear me mention one single word about, you know, in essence, programatics and how we acquire? Because we don't know how to do that yet. Okay. And the reason is to turn to, if you've ever worked with the government, we have what's called the FAR, the federal acquisition regulations. It's called nightmare. All right. And that's the incentive of why most people are not incentivized to even work with the government. So if we had this clearinghouse that could very quickly allow us to, you know, purchase that solution, that service, that tool, whatever. But what the government in many ways are considering today is, they mean well, but they'll turn to their typical government group. If you're in the Air Force, a handful of majors and Lieutenant-Colonels and say, I need for you to think differently. Okay. These are folks that never spend a single day in the private sector. I need for you to change a 40-year-old acquisition cycle. Okay. Do it quickly and make sure you incentivize those that are out there. Let me tell you, you don't even want to read that stuff. So having your input, I mean, in essence, understanding what will incentivize your participation. You know, yes, you also want to know that when you do participate that you get some type of attention for it, whether it's monetary or just that representation, I get that. Okay. How does that fit into the clearinghouse? Help me out. Okay. Is it a blog? Is it an active thing? I mean, are there new ideas out there? The more clarity I can get, the better off we are all going to be. Great question. Thank you very much. Yes, sir. You talked a lot about the framework and I was just curious is if this were successful and created some useful byproducts, would your plan to be to open that to the public or would it be to keep it within DOD or government or something along those lines? If I didn't make it clear, this is being proposed to be really the entity for public and private sector participation. The last thing I want is for this to be managed by the DOD or DHS. You've already heard from our last panel some of the frustration that takes place. Okay. So you've heard of FFRDCs and 501C3s. These are, you know, not-for-profit entities. I mean, if there's something new out there, let me know what it is because we ought to make sure that legally it works. But the key is when good ideas start to permeate, we've got to be able to share those. So that is a key byproduct. Okay. But hooked into that clearing house are all the good, are all the various entities. So right now, this framework is a little at 64,000 feet. As you start to break it down and say, okay, you may, we're part of the framework team. We're going to figure out what goes into that framework. Well, we want it to be a common operating picture, want it to be a repository, want it to be this and that. Okay. Those are the types of things that need to go into that. And of course, we've got to be able to share the information. Thank you. Thank you, sir. When the military was looking at how to manage kind of the out-of-war component of its resource pool, they turned to essentially the National Guard component that said, why don't we have a component of soldiers who train, not every day, but train infrequently and are essentially ready to be called up into service whenever this happens. Have they considered a kind of National Guard in a sense component for this, where you in fact incentivize by saying, okay, we can make it an almost kind of paramilitary type arrangement. You can put it in a infrequent training arrangement where you can say, we're going to pay you, like they pay national guard soldiers. You get a training component that's in place and again, a kind of disciplined, flexible component that could be brought in on a regular basis, done in that setting where the incentive is to say, yeah, you're going to go out and work a weekend every six weeks or whatever, or one weekend a month or however the National Guard is structured, but do it in a way that it's additional income, but it's also recognition for what they're doing in terms of ranking. Yes. I mean, what you're identifying is a model that exists today. Now, I'm a retired Air Force Reserve member. Guard and reserve make up what's called the ARC, the reserve component. Now, just assume that these individuals that participate in Guard and Reserve, they have other jobs and many of them do the things that you all do. They're the closest thing within DOD to the private sector. We know that. So in that war game that I just showed you, the Striever war game, one of the nodes when I was presenting it to our leadership said ARC on it, because it's easy for us to go into our files and identify Captain so-and-so, Major Lieutenant Colonel so-and-so that works in this company, that company who brings certain types of expertise there. Okay, so absolutely. These are exactly the types of nodes that we're hooking into. I mean, having spent 22 years as one of them, there's huge value in leveraging the expertise that they bring to the fight. It certainly seems that foreign governments are doing this very type thing. I mean, that's exactly if you look at Brazil, if you look at China, you look at the way that they're essentially bringing on very young individuals, but essentially creating that kind of paramilitary arrangement where they belong to this group and that group has an affiliation and allegiance to the group that's being, that's training. I understand. I mean, as I mentioned in the last discussion, the military thinks very traditionally, all the respect to that. They're regimented, they're here to take care of all of you. But when it comes to the cyber domain in which the intellectual property resides with you, our approach is to basically walk up to an engineer in our military, wave a wand over him and say that you're now a cyber expert. Does that make any sense? So I sit back saying, literally, you can't train these individuals fast enough. So we need a new mechanism. How difficult is us for it to have a couple of cyber experts, but form a relationship with the private sector where you help us jump start from where we are today to where we need to be tomorrow, which is at your level of competency. That's the partnership that has to take place. Okay. Thank you very much, sir. You've, excuse me, you've touched on a couple of the issues that inherently make this a difficult relationship with the FAR. My initial question was going to be once the capability was described as being available to you in three weeks. How long did it take you to procure that capability? I suspect it took longer than three weeks. With that in mind, this community, the black hat community, inherently we come together for a love of attacking processes and finding the chinks in the armor, the breakdown in the processes. So to approach it with the traditional idea of process driven frameworks is going to be a difficult marriage indeed to achieve with this, with this kind of culture. Have you considered looking further again at the open market model and essentially becoming, if you will, a large investor in that model in such a way that based on performance, we reward the performance rather than rewarding maybe what is going to happen out into the future and trying to fit a niche or a requirement now rather than it's not perfect, but clearly we've run economies, we occasionally have breakdowns, but I would suggest that our country has a long history of based on past performance going with investment into the future. Right, and I clearly understand where you're coming from. So to be able to reward, to be able to identify, I mean for many of you they had within the Department of Commerce years ago they had what was called the Malcolm Baldur's award, reach out to the world and identify all those good things from companies and give you the recognition because these were companies small, big and large whatever that got great attention. When I talk about bringing the right mix of talent in, it's bringing in the economists or the people who have clear, creative ideas and saying, okay if I got a bag of money and one of my rules of engagement is to ensure that we incentivize, we meet the following issues, et cetera, with the right people in there we can put together a pretty good package, okay. I'm not that expert, but when we identify and say in order for us to fix this element we've got to bring in the right type of talent is, in we'll be able to identify and address those issues. I'm all about open source. This has to move quickly, right. Again, this is a collaboration model. Yes, there's a process tied to it, but the key here is I'm trying to enable things. So how best do I do it? If you've got a good idea, I'm in a position to say let's try it, okay, because what I'm bringing to this fight now is the ability to turn to a four-star admiral and say, sir, I've got your solution. It's some company that came out of black hat or from this particular session, because you knew how to provide an answer. He won't care any more about what you're all about, but will care that you brought a solution to the fight. I'm trying to build a mechanism that puts the two together. Okay, sir, I think I have a chance for about one more question based on time. Yes, sir. My question is also around incentivization, but in a bit of a different way. Foreign governments often times celebrate their independent researchers or whatever you want to call them, the hackers. Whereas we get a lot of mixed messages. You have the DMCA and the upcoming ACTA, which try to squash independent research, security, vulnerability research, exploit development, that whole deal. That's going to hamper us in the future, and I think what would help us is some heavy hitters that go in there and say, let's get this legislation right. I'm tired of being told to go talk to my congressman. I think if we had some heavy hitters in there saying, you know, let's get the legislation right to actually encourage people to keep closing the holes in the software and to develop these skill sets, that would make a big difference. I applaud that question. I mean, just remember, a congressman is in Congress because of your votes, and they'll spend 90 plus percent of their time ensuring that they get your votes. Look at the size of Black Hat. Look at the size of this organization. You've been around for 18 years for God's sakes. You've got a supporter in me, okay? However, I need to be able to rely on Black Hat. I could see that this organization between Black Hat and DEF CON form in their own legislative team because look at the numbers of people here. The legislations coming out of Congress today, out of the White House, out of Capitol Hill, etc., are looking for answers. However, they're turning to the same traditional mindsets, and the thought process that they're throwing into this legislation just seems so basic, and it's not going to solve the problem that you're all looking for. Part of the opportunity here is to be able to have a voice from not by Congress, but by you all, because I'm talking the numbers that you bring, I guarantee you the members are going to listen. This is my first time here, and I look at the creativity, and I enjoy my Black Shirt, and I'm really impressed by what you're all going to bring to the fight. However, my biggest concern is how are we going to leverage this? And whether it's from Moss and his team or the executive body that makes up these two groups, the cost now is in figuring out how we can make sure that there's an ear in Washington that's listening to you. Thank you all very much. I'd be delighted to answer any questions later as well. Thank you.