WEBVTT

00:00.009 --> 00:02.440
Good afternoon and welcome to day three,

00:02.450 --> 00:05.269
the final day of the 2024 dous

00:05.280 --> 00:07.940
conference before we kick things off.

00:07.949 --> 00:09.727
Please remember to complete the

00:09.727 --> 00:11.838
attendee survey. The survey is being

00:11.838 --> 00:14.710
emailed to all attendees today. First

00:14.720 --> 00:17.069
on stage is our cyber panel moderated

00:17.079 --> 00:20.010
by Miss Katherine Ner Mn currently

00:20.020 --> 00:22.076
serves as the intelligence community

00:22.076 --> 00:24.242
Chief Information Security Officer.

00:24.290 --> 00:26.512
Please welcome Miss N and the panelists

00:26.512 --> 00:27.379
to the stage.

01:06.010 --> 01:09.389
All right, good afternoon. I I could

01:09.400 --> 01:11.622
be heard. I can hear, I can tell. So

01:11.622 --> 01:13.789
that's good. Um It's a pleasure to be

01:13.789 --> 01:16.069
here and it is my great honor to bring

01:16.279 --> 01:18.501
some of the busiest people I know up on

01:18.501 --> 01:20.690
the stage today. We're working all

01:20.699 --> 01:23.032
kinds of things that you've heard about

01:23.032 --> 01:24.921
already: zero trust, artificial

01:24.921 --> 01:27.550
intelligence, shifting to the edge.

01:27.970 --> 01:30.910
Um you know, continuous monitoring,

01:31.250 --> 01:33.989
continuous ATO, we have all of these

01:34.000 --> 01:36.167
things and more that we're all working

01:36.167 --> 01:39.190
together on. And so I am just grateful

01:39.199 --> 01:41.199
that we were able to get this panel

01:41.199 --> 01:43.032
together and they're hard to get

01:43.032 --> 01:45.366
together. By the way, let me tell you,

01:45.366 --> 01:47.477
it was really hard to get them here.

01:47.477 --> 01:49.699
So, um one of my roles in the, as the

01:49.699 --> 01:51.921
IC CIO is to bring people together, to

01:51.921 --> 01:53.866
bring the intelligence elements um

01:53.866 --> 01:55.977
closer and to be able to share um the

01:55.977 --> 01:59.080
lessons learned and the approaches that

01:59.089 --> 02:01.239
we take in doing cyber security

02:01.250 --> 02:03.680
together. Um One of my mantras that I

02:03.690 --> 02:06.050
heard earlier this week was a risk to

02:06.059 --> 02:08.369
one is a risk to all and I actually

02:08.380 --> 02:10.830
live by that. So wherever we can share

02:10.839 --> 02:13.061
across is something that I look forward

02:13.061 --> 02:16.320
to doing that. Uh Doing so with that,

02:16.330 --> 02:19.339
uh we'll get started. So what I'm

02:19.350 --> 02:21.406
gonna have everybody do is say their

02:21.406 --> 02:24.300
name, their title and organization and

02:24.309 --> 02:26.587
then they're gonna answer the question,

02:26.587 --> 02:28.929
what is one cybersecurity trend for

02:28.940 --> 02:31.740
2024 that you see and that is important

02:31.750 --> 02:33.750
for organizations to know about and

02:33.750 --> 02:35.917
I'll start. So I'm Katherine, er and

02:35.917 --> 02:38.330
I'm the IC CIO, I'm AD N

02:39.770 --> 02:41.881
and one of the trends that I see is a

02:41.881 --> 02:45.520
shift in the CISO role. So what we're

02:45.529 --> 02:48.490
starting to see out in industry is that

02:48.940 --> 02:52.460
we are looking to advise the C suites

02:52.809 --> 02:55.559
and the cybersecurity bo the boards.

02:55.570 --> 02:58.029
So we're bringing cybersecurity to a

02:58.039 --> 03:01.610
higher level. Um And so one of the

03:01.619 --> 03:03.786
skills that a lot of us have as CISOs

03:04.399 --> 03:06.880
is as business strategist, so be able

03:06.889 --> 03:09.070
to look out over the horizon and be

03:09.080 --> 03:11.800
able to see what's coming.
What do we

03:11.809 --> 03:13.865
need to think about? What aren't we

03:13.865 --> 03:16.419
thinking about today? One of the

03:16.429 --> 03:18.540
things that this uh side effects that

03:18.540 --> 03:21.110
comes out of this is the ability to

03:21.119 --> 03:23.341
actually save money in cyber security,

03:23.341 --> 03:25.452
believe it or not. Um to give you an

03:25.452 --> 03:28.179
example, uh this may not be popular

03:28.190 --> 03:30.970
but with vendors. But um it turns out

03:30.979 --> 03:32.868
there are a lot of cyber security

03:32.868 --> 03:34.990
features and functions that are built

03:35.000 --> 03:38.649
into say cloud and operating systems.

03:38.660 --> 03:40.438
They're native, there's native

03:40.438 --> 03:42.604
scripting tools, there's all kinds of

03:42.604 --> 03:44.771
ways of doing cybersecurity, you what

03:44.771 --> 03:47.115
we already have. And one of the side

03:47.125 --> 03:49.069
effects that we're seeing with the

03:49.069 --> 03:51.184
shift in CISO advisories as business

03:51.195 --> 03:53.505
strategists is to be able to save money

03:53.514 --> 03:56.835
by using tools that are native to some

03:56.845 --> 03:58.734
of these operating systems moving

03:58.734 --> 04:00.956
forward. So with that, I'm gonna hand

04:00.956 --> 04:03.309
it over to my colleague, Tim. All

04:03.320 --> 04:05.550
right, good afternoon. Um I'm Tim

04:05.559 --> 04:08.830
Sidor, uh the DIA CISO and uh chief of

04:08.839 --> 04:12.169
our Cyber Security Division. Um I'm

04:12.179 --> 04:14.235
new to the cyber security business.

04:14.235 --> 04:16.401
I've only been in the IC CISO role now

04:16.401 --> 04:19.459
about 25 years. Um So, uh what I

04:19.470 --> 04:21.581
would talk about what it, you know,

04:21.581 --> 04:23.748
the number one trend and right out the

04:23.748 --> 04:25.970
gate, I'll break the rule and give you

04:25.970 --> 04:28.420
two.
The first, I would say the speed

04:28.429 --> 04:31.290
at which we see the cyber threats uh

04:31.299 --> 04:34.429
operating um in, in our space today,

04:34.440 --> 04:36.989
whether, whether they be external

04:37.000 --> 04:39.000
threats, which is, of course, as

04:39.000 --> 04:41.056
people think cyber security, that's

04:41.056 --> 04:43.350
the traditional place most people um go

04:43.359 --> 04:46.130
to. But I would talk about the, the

04:46.179 --> 04:48.519
speed and the maturity at which we're

04:48.529 --> 04:51.179
seeing an increase in the, the pattern

04:51.190 --> 04:53.980
and the impacts of our insider threats

04:53.989 --> 04:56.190
as well. Um And so from a cyber

04:56.200 --> 04:58.144
security perspective, of course,

04:58.144 --> 05:00.367
you're aware of many of the initiatives

05:00.367 --> 05:02.367
that we have going on today. Um Of

05:02.367 --> 05:04.422
course, you can't be a CISO and not

05:04.422 --> 05:06.644
say the words zero trust. So I'm gonna

05:06.644 --> 05:08.644
just get that out of the way. Um I

05:08.644 --> 05:11.029
said it just by all. Well, everybody

05:11.040 --> 05:12.984
has to, I don't know, I was just

05:12.984 --> 05:15.630
making that the um um the, what I

05:15.640 --> 05:19.160
would say is uh it is key that we focus

05:19.170 --> 05:21.510
on our ability to not only leverage

05:21.519 --> 05:24.630
technology but talent uh in order to be

05:24.640 --> 05:26.862
effective going forward, uh you know,

05:26.862 --> 05:30.130
against that um increasing

05:30.339 --> 05:32.769
threat and the increasing ways in which

05:32.779 --> 05:35.160
that threat can materialize, impact.

05:35.420 --> 05:37.630
Uh not only on our networks, but I

05:37.640 --> 05:39.989
also think on the, the critical

05:40.079 --> 05:42.649
mission as well as the integrity and

05:42.660 --> 05:44.882
availability of that information that,

05:44.882 --> 05:48.179
that we work to defend.
Um So with

05:48.190 --> 05:50.980
that, I'll pass along to Julie. Hi,

05:50.989 --> 05:53.329
good afternoon. Um I'm Julie Dra. I'm

05:53.339 --> 05:56.339
the uh NSA deputy CISO and deputy

05:56.350 --> 05:58.880
authorizing official. And this is

05:58.890 --> 06:01.112
actually my first notice I've gone to a

06:01.112 --> 06:03.279
number of other conferences, but I've

06:03.279 --> 06:05.168
not been here before. So kind of

06:05.168 --> 06:07.679
excited to be here. Um I'll kind of

06:07.690 --> 06:10.209
break some of the similar things of not

06:10.220 --> 06:12.480
just one item but I think they're kind

06:12.489 --> 06:15.489
of connected. Um, cyber resiliency,

06:15.709 --> 06:17.709
you know, not only using our cyber

06:17.709 --> 06:19.820
security to defend our networks, but

06:19.820 --> 06:22.059
how do you go beyond that when you have

06:22.070 --> 06:24.348
an incident and recover and keep going?

06:25.010 --> 06:27.750
Um, we were talking backstage that,

06:27.760 --> 06:30.038
uh, you know, if we have an incident,

06:30.038 --> 06:31.982
we can't just shut ourselves off.

06:31.982 --> 06:34.920
We're supporting the war fighters. So

06:34.929 --> 06:37.096
it's, it's not a question of saying,

06:37.096 --> 06:39.318
hey, the best thing to do is lock down

06:39.318 --> 06:41.540
everything and, and figure it out, we

06:41.540 --> 06:41.489
have to figure out how to keep doing

06:41.500 --> 06:43.839
the mission and supporting everybody.

06:44.209 --> 06:47.029
Um So that rolls into the zero trust,

06:47.040 --> 06:49.262
right? We're having to implement a lot

06:49.262 --> 06:52.450
of zero trust uh features by the coming

06:52.459 --> 06:55.369
years.
Uh NSA has actually been kind

06:55.380 --> 06:57.436
of at the forefront of that over the

06:57.436 --> 06:59.829
last 11 or so years because, you know,

06:59.839 --> 07:02.429
we had a nice little incident that kind

07:02.440 --> 07:05.299
of pushed us into this uh activity. So

07:05.309 --> 07:08.000
we coined if you were here for the CIO

07:08.010 --> 07:10.066
panel yesterday, you heard Jennifer

07:10.066 --> 07:12.010
Kron mention secure the enterprise

07:12.010 --> 07:14.260
secure the net. Uh that was a set of

07:14.269 --> 07:17.649
initiatives we put forward um using our

07:17.660 --> 07:20.019
cyber experts within the agency to

07:20.029 --> 07:22.619
identify a set of requirements that

07:22.630 --> 07:25.630
every system needs to meet. So in

07:25.640 --> 07:29.399
order to um even get to an ATO they

07:29.410 --> 07:31.149
have to satisfy a core set of

07:31.160 --> 07:33.104
requirements and then we have some

07:33.104 --> 07:35.271
extra ones layered on, on the outside

07:35.271 --> 07:37.327
of that, that's actually become our

07:37.327 --> 07:39.604
foundation and we say that is our fuel,

07:39.604 --> 07:41.604
that's powering our zero trust. So

07:41.604 --> 07:44.170
we'll rebrand our ST end to be zero

07:44.179 --> 07:47.130
trust going forward. Um So that it's a

07:47.140 --> 07:49.362
couple of different things. Um I think

07:49.362 --> 07:51.584
AI too is a big push and I know you've

07:51.584 --> 07:53.862
got some questions for us later on AI,

07:53.862 --> 07:56.790
so I'll just leave it at that. All

07:56.799 --> 07:59.077
right. Hello. So, Erica Boone. Yes,

07:59.077 --> 08:00.799
it is spelled Eroica. It's uh

08:00.799 --> 08:02.799
Beethoven. So, but I do say Erica

08:02.799 --> 08:05.059
from Alabama.
So they can't say Eroica

08:05.320 --> 08:08.579
um um the Air Force IC uh CISO

08:09.149 --> 08:11.070
um for our large information

08:11.079 --> 08:13.023
environment and to jump right into

08:13.023 --> 08:15.549
trends may be a little um uncomfortable

08:15.559 --> 08:18.209
to say, but I think the trend is being

08:18.220 --> 08:21.149
uncomfortable, we speed of change is

08:21.160 --> 08:23.160
going to be speed of leadership. I

08:23.160 --> 08:24.993
don't think personally we have a

08:24.993 --> 08:27.104
technology problem. I don't think we

08:27.104 --> 08:29.216
have a framework problem. I think we

08:29.216 --> 08:29.059
have a convoluted decision problem.

08:29.420 --> 08:32.280
And so that is going to require change.

08:32.419 --> 08:34.890
I'm not continuing to push doing more

08:34.900 --> 08:36.960
with less down to the doers. But

08:36.969 --> 08:40.219
really how do we close that gap? We

08:40.229 --> 08:43.080
can't do zero trust with within a cyber

08:43.090 --> 08:46.109
security silo, we can't, we have to

08:46.119 --> 08:48.179
do mission cybersecurity is about

08:48.190 --> 08:50.246
making sure the mission can happen.

08:50.246 --> 08:53.286
How do we start connecting the business,

08:53.296 --> 08:55.352
the mission, what needs to happen,

08:55.352 --> 08:57.240
getting the data and the decision

08:57.240 --> 08:59.745
makers connected closer to the data

08:59.916 --> 09:02.166
that's going to mean there's a lot of

09:02.176 --> 09:04.806
senior leaders that may be redundant

09:05.065 --> 09:07.765
and it's just a fact and we can change

09:07.776 --> 09:10.286
now or we can be forced to change when

09:10.392 --> 09:12.802
adversary makes us change. It's gonna

09:12.812 --> 09:14.923
hurt either way.
So, I think that's

09:14.923 --> 09:16.979
what we need to do now is put on our

09:16.979 --> 09:19.090
big boy and big girl britches and just

09:19.090 --> 09:21.256
get after it and, and make the change

09:21.256 --> 09:24.452
ourselves so very good. All right.

09:24.461 --> 09:26.572
Thank you. All right. So let's jump

09:26.572 --> 09:28.628
into some more questions here. So,

09:28.628 --> 09:30.461
speaking of trends and top cyber

09:30.461 --> 09:32.919
security things, Tim, I'll start with

09:32.929 --> 09:35.380
you. What value does artificial

09:35.390 --> 09:37.080
intelligence bring to modern

09:37.090 --> 09:40.219
cybersecurity defense strategies? So

09:40.229 --> 09:43.109
there's the other buzzword. Um uh What

09:43.119 --> 09:45.929
I would certainly say is uh AI, I

09:45.940 --> 09:47.551
think from my perspective in

09:47.551 --> 09:49.829
cybersecurity probably offers no value.

09:49.829 --> 09:53.760
Uh Of course, I'm joking. Um The I

09:53.770 --> 09:56.159
just wanted to see if people were awake

09:56.169 --> 09:58.789
um after lunch. That's right. It's a

09:58.799 --> 10:01.070
cyber panel. So, you know, um now

10:01.080 --> 10:03.247
with all seriousness, of course, the

10:03.247 --> 10:06.559
value of AI in our mission space is

10:06.570 --> 10:08.570
probably the same as no matter what

10:08.570 --> 10:11.320
your role is and what mission that you

10:11.330 --> 10:13.760
operate in the emergence of the

10:13.770 --> 10:16.359
capability. Or I'll say the uh the

10:16.369 --> 10:18.859
recent awareness of the capability if

10:18.869 --> 10:21.091
you will, because I don't think AI is

10:21.091 --> 10:22.813
quite as new as uh many in our

10:22.813 --> 10:25.036
community may believe it is. It's been

10:25.036 --> 10:27.091
around for a long time.
Um But from

10:27.091 --> 10:29.091
our perspective, we certainly have

10:29.091 --> 10:31.091
woke up to realize the value in the

10:31.091 --> 10:33.239
application uh and the broader

10:33.250 --> 10:35.599
application and use. But I'll pivot

10:35.609 --> 10:37.665
the question because I think most in

10:37.665 --> 10:39.887
the audience can fill in the blanks and

10:39.887 --> 10:42.053
understand that value. What I'll talk

10:42.053 --> 10:44.220
to, I think is appropriate for a good

10:44.220 --> 10:45.665
uh CISO or cyber security

10:45.665 --> 10:47.776
representatives. Talk about the risk

10:47.776 --> 10:49.998
of the technology and talk about how as

10:49.998 --> 10:52.320
a community, it is very critical that

10:52.330 --> 10:56.190
we understand uh the technology that

10:56.200 --> 10:58.729
we are employing, understand the

10:58.739 --> 11:01.539
needed cyber security controls, the

11:01.549 --> 11:04.169
application of those controls that need

11:04.179 --> 11:07.090
to go with any new capability that we

11:07.099 --> 11:10.570
deploy, so that we have the uh

11:10.700 --> 11:14.039
integrity uh in the outcome of, of

11:14.049 --> 11:16.160
these technology capabilities that we

11:16.160 --> 11:19.369
can trust uh the output if you will.

11:19.380 --> 11:21.830
Um And that we have the ability to

11:21.840 --> 11:24.630
ensure uh continual availability as

11:24.640 --> 11:26.696
well. Right? And I think those two

11:26.696 --> 11:30.080
things go hand in hand.
Um Certainly,

11:30.130 --> 11:32.140
uh from my perspective, there's

11:32.150 --> 11:35.534
considerable concerns if we don't have

11:35.544 --> 11:38.594
governance and the proactive

11:38.604 --> 11:42.025
implementation of the controls around

11:42.104 --> 11:44.804
uh the implementation of, of these new

11:44.815 --> 11:47.924
technologies, it does stand as another

11:47.934 --> 11:50.684
potential threat vector uh that can in

11:50.695 --> 11:53.184
turn impact that thing that we're

11:53.195 --> 11:55.362
attempting to defend, which is really

11:55.362 --> 11:57.528
at the end of the day uh our mission.

11:57.528 --> 12:00.885
So, uh again, many people will um and

12:00.895 --> 12:03.260
I, and I probably should stop to say

12:03.270 --> 12:07.130
sincerely, I, I do appreciate and as

12:07.140 --> 12:09.789
I'm sure my panelists here do as well.

12:09.849 --> 12:12.979
All the constant advice that I get on

12:13.109 --> 12:15.331
the role of the risk management and the

12:15.331 --> 12:17.442
decision space that we have to make.

12:17.442 --> 12:20.119
Um So all that input about how I'm

12:20.130 --> 12:21.963
doing it wrong. It's definitely

12:21.963 --> 12:24.520
appreciated. But I will say this, I

12:24.530 --> 12:26.308
think we heard from many of our

12:26.308 --> 12:28.729
speakers today um throughout the week

12:28.739 --> 12:31.820
really, um at the highest level, the

12:31.830 --> 12:34.119
expectations of the cyber security

12:34.130 --> 12:36.408
program and what we bring to the table,

12:36.408 --> 12:38.074
they're crystal clear from my

12:38.074 --> 12:40.349
perspective, there's a high bar set,

12:40.520 --> 12:43.260
there's an expectation of resilience

12:43.270 --> 12:45.492
and the integrity of our networks, the

12:45.492 --> 12:47.270
trust of our networks. That is

12:47.270 --> 12:49.659
absolutely clear.
I do not get

12:49.669 --> 12:52.340
challenged why I should take more risk

12:52.349 --> 12:54.571
from the highest levels of leadership.

12:54.580 --> 12:56.691
I don't get that from our director at

12:56.691 --> 12:59.340
DIA. He's steadfast and very clear of

12:59.349 --> 13:01.719
ma making sure that we hold a high bar

13:01.729 --> 13:03.951
and we strive for excellence. Uh So in

13:03.951 --> 13:05.951
that regard, I think we carry that

13:05.951 --> 13:08.299
mentality into the integration of

13:08.309 --> 13:10.750
technologies like AI and quite frankly,

13:10.770 --> 13:13.219
any new technologies that we seek to

13:13.229 --> 13:15.451
employ for benefit in our mission space

13:15.715 --> 13:17.937
just pivoting on that for a minute. Um

13:17.937 --> 13:20.048
I've noticed the leadership buy in as

13:20.048 --> 13:22.215
well. I was um just, you know, glad

13:22.215 --> 13:24.382
to hear when I first started this role

13:24.382 --> 13:26.734
about how much senior attention is on

13:26.965 --> 13:29.132
cyber security. Do you all think that

13:29.132 --> 13:31.243
is because of zero trust and the need

13:31.243 --> 13:33.409
to do a culture change or do you think

13:33.409 --> 13:35.521
it was happening before? What do you

13:35.521 --> 13:37.632
think prompted the, the attention of

13:37.632 --> 13:39.909
leadership in a good way? Well, I'll,

13:39.909 --> 13:42.340
I'll start and pass it along. I think

13:42.349 --> 13:44.359
certainly, you know, I think zero

13:44.369 --> 13:47.359
trust is a increased focal point and

13:47.369 --> 13:49.480
attention. But I actually would, in

13:49.480 --> 13:51.091
my perspective, I think the

13:51.091 --> 13:54.099
leadership's attention is driven by

13:54.299 --> 13:56.859
their increased awareness of the threat

13:57.244 --> 13:59.188
and the success that the threat is

13:59.188 --> 14:01.815
having across our broader community.

14:01.924 --> 14:04.315
We've certainly seen across the public

14:04.325 --> 14:06.335
sector, if you will or our public

14:06.344 --> 14:08.775
facing capabilities, that external

14:08.784 --> 14:10.506
cyber threat and its increased

14:10.506 --> 14:13.184
capabilities that impact in many cases,

14:13.195 --> 14:16.239
even exfiltrate uh information or

14:16.250 --> 14:18.820
technology in which we lose an

14:18.830 --> 14:21.140
advantage. But I'd also say from an

14:21.150 --> 14:22.817
insider threat in some of the

14:22.817 --> 14:25.190
unfortunate events, as Julie mentioned

14:25.200 --> 14:27.311
their experience from some time ago,

14:27.311 --> 14:29.478
while it can have positive events, uh

14:29.478 --> 14:31.700
positive outcomes in terms of increased

14:31.700 --> 14:33.756
focus, I just want to make clear to

14:33.756 --> 14:35.811
any of the DIA brethren here. We're

14:35.811 --> 14:37.811
not seeking that. Uh we're, we're

14:37.811 --> 14:39.978
happy to struggle through the hard way

14:39.978 --> 14:42.200
uh instead of getting that uh increased

14:42.200 --> 14:44.311
focal point uh out of crisis, if you

14:44.311 --> 14:46.478
will. On the other hand, don't let a

14:46.478 --> 14:48.533
good crisis go to waste, right? Do

14:48.533 --> 14:51.010
you have any to add to that? Yeah. So

14:51.020 --> 14:53.840
at the agency, you know, one of our

14:53.849 --> 14:56.260
primary missions is to do CNO and

14:56.270 --> 14:58.381
that's where I actually came out of.

14:58.381 --> 15:01.130
And so our previous CIO and authorizing

15:01.140 --> 15:03.830
official for the agency. Um actually

15:03.840 --> 15:06.429
placed me into the position just for

15:06.440 --> 15:08.780
that, we know how successful we are.

15:09.159 --> 15:11.381
Um We need to make sure that we protect

15:11.381 --> 15:13.603
our systems against what we know we can

15:13.603 --> 15:15.900
do.
And so I think it's been at the

15:15.909 --> 15:17.909
forefront, not only because of the

15:17.909 --> 15:21.250
2013 events, but just knowing what we

15:21.469 --> 15:24.239
are capable of doing, we need to work

15:24.250 --> 15:26.250
our hardest to defend our systems.

15:26.250 --> 15:28.619
Yeah. Makes sense. OK, I'll move to

15:28.630 --> 15:30.797
the next question. So the advances in

15:30.799 --> 15:32.688
AI are here, we're collectively

15:32.688 --> 15:34.299
adapting our cyber secu secu

15:34.299 --> 15:36.880
cybersecurity tools techniques and our

15:36.890 --> 15:38.820
risk management to address AI

15:38.830 --> 15:42.119
Assurance privacy, data management.

15:42.559 --> 15:44.559
Do you have words of wisdom for the

15:44.559 --> 15:46.726
community or do you have an ask of the

15:46.726 --> 15:48.892
vendor and intel communities on this?

15:48.892 --> 15:50.892
And Julie, we'll start with you on

15:50.892 --> 15:52.892
that question. Yeah. So um at the

15:52.892 --> 15:54.892
agency, as I said, we've got uh a

15:54.892 --> 15:57.003
senior that was assigned as the chief

15:57.003 --> 16:00.130
data responsible AI officer. Um And

16:00.140 --> 16:02.307
his job has been to make sure that the

16:02.307 --> 16:05.340
agency brings a in kind of brings it in

16:05.349 --> 16:07.460
at speed, you know, government as a

16:07.460 --> 16:09.516
whole has been pushing us to go that

16:09.516 --> 16:12.130
way to use more and more AI. And so

16:12.140 --> 16:15.369
he has a whole office that has a uh

16:15.469 --> 16:18.109
informa uh sorry Artificial

16:18.119 --> 16:20.729
Intelligence Risk Committee on that

16:20.739 --> 16:22.295
committee.
He actually has

16:22.295 --> 16:24.406
stakeholders from our General Counsel

16:24.406 --> 16:26.369
office, our Civil Liberties and

16:26.380 --> 16:29.929
Privacy office our compliance folks uh

16:29.940 --> 16:32.218
over in our cyber security directorate,

16:32.218 --> 16:34.384
they have the AI security center. So

16:34.384 --> 16:36.607
there's a representative from there and

16:36.607 --> 16:38.496
there's a representative from our

16:38.496 --> 16:41.530
authorizing uh space as well. And so

16:41.539 --> 16:43.969
as people are more and more asking for

16:43.979 --> 16:46.549
AI models to come in, that committee

16:46.559 --> 16:48.781
actually reviews that to make sure that

16:48.781 --> 16:50.615
we're being lawful, we're being

16:50.615 --> 16:52.820
compliant. Um but we're trying to do

16:52.830 --> 16:55.299
things at speed and, you know, the AI

16:55.309 --> 16:57.580
models, if, if we take too long to

16:57.590 --> 16:59.534
actually figure out whether we can

16:59.534 --> 17:01.757
bring them in and use them, um they've

17:01.757 --> 17:03.979
already changed and, and they're on to

17:03.979 --> 17:03.539
the next one, right? So we have to do

17:03.549 --> 17:05.849
a lot of processes to make that

17:05.859 --> 17:08.589
streamlined. Um But with the thought

17:08.599 --> 17:10.877
of protecting our system. So when the,

17:11.130 --> 17:13.270
the AI officer first stood up and,

17:13.280 --> 17:15.502
and put his committee together and told

17:15.502 --> 17:17.447
people they would vet these uh AI

17:17.447 --> 17:19.540
models, they kind of left us out of

17:19.550 --> 17:21.800
the loop a little bit at first and

17:21.810 --> 17:24.150
people started bringing things in that

17:24.160 --> 17:26.327
we were unaware of.
And actually when

17:26.327 --> 17:28.640
I was with you down at the NGA summit

17:29.060 --> 17:31.260
earlier in the year, I heard on the

17:31.270 --> 17:33.492
previous panel, a cyber command person

17:33.492 --> 17:35.548
saying how they were using models on

17:35.548 --> 17:39.170
the NSA net. And I went, really

17:39.180 --> 17:41.459
where? Right. So I took some notes

17:41.469 --> 17:43.636
down and I went back to the office and

17:43.636 --> 17:46.459
I started poking at the uh AIRC to say,

17:46.469 --> 17:48.691
hey, did you guys approve this because

17:48.691 --> 17:51.030
you never came to us and asked whether

17:51.040 --> 17:53.420
the risk was acceptable on those

17:53.430 --> 17:56.089
systems you're putting them on. So

17:56.099 --> 17:58.210
there had been some previous, as Tim

17:58.210 --> 18:00.432
said, you know, AI is not new, it's

18:00.432 --> 18:03.430
been around for a long time. Um We

18:03.439 --> 18:06.530
have a couple of uh systems that were

18:06.540 --> 18:08.762
approved a couple years ago to actually

18:08.762 --> 18:11.170
bring some AI models into their stand

18:11.180 --> 18:13.124
alone systems. And so it's pretty

18:13.124 --> 18:15.300
streamlined that if you ask to have

18:15.310 --> 18:18.069
something put in there, it's contained,

18:18.079 --> 18:20.135
we know if something bad goes, goes

18:20.135 --> 18:22.190
wrong in that space, it's not gonna

18:22.190 --> 18:24.357
get out on to NSA net and, and affect

18:24.357 --> 18:26.479
everybody else. Um But models were

18:26.489 --> 18:29.410
starting to pop up on NSA net. So

18:29.760 --> 18:31.982
we've come up with a set of processes.

18:31.982 --> 18:34.204
We're part of that. We assess the risk

18:34.204 --> 18:36.449
before a model can be used on the

18:36.459 --> 18:40.219
network. And we do a number of things

18:40.229 --> 18:43.540
to include um model scanning, virus

18:43.550 --> 18:45.494
scanning.
And then we look at the

18:45.494 --> 18:47.717
cyber security of the individual system

18:47.717 --> 18:51.069
they want to put it on to see is it in

18:51.079 --> 18:53.469
the best shape that it could be? Even

18:53.479 --> 18:55.590
though we continuously monitor things

18:55.590 --> 18:58.109
fall off the edge occasionally. And

18:58.119 --> 19:00.063
then what data they actually gonna

19:00.063 --> 19:01.952
access is the system that they're

19:01.952 --> 19:04.119
accessing it from, authorized to have

19:04.579 --> 19:07.680
uh access to that data or not. And so

19:07.729 --> 19:09.562
that rounds out kind of our risk

19:09.562 --> 19:12.040
decision and so forth. So kind of an

19:12.050 --> 19:15.599
ask for others in the community.

19:16.420 --> 19:19.760
We know that um CIA hosts a repository

19:19.770 --> 19:21.780
for AM models. We are gonna have a

19:21.790 --> 19:24.670
repository soon stood up. We're

19:24.680 --> 19:27.013
working more closely with the community.

19:27.013 --> 19:30.060
I, I talked to Tim and you monthly and

19:30.069 --> 19:32.236
we're getting more awareness among our

19:32.236 --> 19:35.050
own community um A as to what we're

19:35.060 --> 19:37.171
using, how we're doing it. So we're

19:37.171 --> 19:39.504
sharing the processes that we've set up.

19:39.504 --> 19:41.727
Um But from like a vendor perspective,

19:41.727 --> 19:44.770
we need more scanners for scanning

19:44.780 --> 19:48.410
models. Um We've looked at the way we

19:48.420 --> 19:50.920
use the antivirus scanners as well. We

19:50.930 --> 19:53.208
have to tweak those because by default,

19:53.270 --> 19:55.859
those scanners don't scan a whole large

19:55.869 --> 19:59.319
language model unless we force it to do

19:59.329 --> 20:01.162
it.
So, you know, it's, it's

20:01.162 --> 20:02.996
brought a lot of things into the

20:02.996 --> 20:05.107
forefront of what to look at and what

20:05.107 --> 20:07.107
to try to work on to make sure that

20:07.107 --> 20:09.359
we're secure and using it in the best

20:09.369 --> 20:11.536
way possible. So, well, my tendency

20:11.536 --> 20:13.647
is to look at it from the security of

20:13.647 --> 20:15.869
the system. There's the other things I

20:15.869 --> 20:17.925
think Tim you pointed out too is you

20:17.925 --> 20:20.147
can also abuse a model, you can poison

20:20.147 --> 20:22.202
it. I'm not as concerned about that

20:22.202 --> 20:24.500
aspect of it. The AI officer works on

20:24.510 --> 20:26.979
whether the community is using it in

20:26.989 --> 20:29.211
the best way possible. I'm making sure

20:29.211 --> 20:31.378
that our systems are secure when we do

20:31.378 --> 20:33.660
use them. Right. Very good. Thank

20:33.670 --> 20:35.726
you. I'm gonna change the subject a

20:35.726 --> 20:37.948
little bit. And we're gonna talk about

20:37.948 --> 20:40.003
one of my favorite topics, which is

20:40.003 --> 20:41.726
how we bring together security

20:41.726 --> 20:43.892
operations, cyber security operations

20:43.892 --> 20:45.948
and the risk management, um group.

20:45.948 --> 20:48.114
We're doing a lot of work in that area

20:48.114 --> 20:50.448
across the CISO community. And so I'll,

20:50.448 --> 20:52.670
I'll start with Erica on this one. How

20:52.670 --> 20:52.540
is your organization integrated

20:52.550 --> 20:54.883
security operations and risk management?

20:54.883 --> 20:57.670
The requirements of ICD 502 and 503.

20:57.689 --> 20:59.745
And what are some words of wisdom to

20:59.745 --> 21:02.400
our com communities? Yeah, so this is

21:02.410 --> 21:04.521
a good, great importance for us as,

21:04.521 --> 21:06.632
as well.
Um So within our division,

21:06.632 --> 21:08.688
we actually have both uh RMF and our

21:08.688 --> 21:10.688
integrated defense group within the

21:10.688 --> 21:12.799
same, like I said, same division to

21:12.799 --> 21:15.021
us. Looking at 503 is how do you get a

21:15.021 --> 21:17.188
decision? 502 is how do you keep that

21:17.188 --> 21:19.521
decision? Right. What am I monitoring?

21:19.521 --> 21:18.750
What am I looking for? That is your

21:18.760 --> 21:21.209
monitoring? What am I triggering on?

21:21.219 --> 21:23.386
How do I get that back to the decision

21:23.386 --> 21:25.869
maker to, is that risk decision still

21:25.880 --> 21:28.819
valid? Right. And so that's the 502.

21:29.040 --> 21:31.207
So that means we have to integrate the

21:31.207 --> 21:33.262
tools. So what is our RMF system of

21:33.262 --> 21:35.429
record? What are those? What is that

21:35.429 --> 21:37.540
boundary? And if I trigger something

21:37.540 --> 21:39.596
with my security ops tool, how do I

21:39.596 --> 21:41.651
know which boundary that was? Who's

21:41.651 --> 21:43.651
that system owner? Who is that AO

21:43.651 --> 21:45.762
that DAO? So we need to connect that

21:45.762 --> 21:47.873
decision. Uh What are those promises

21:47.873 --> 21:49.707
of action within the tool? Am I

21:49.707 --> 21:51.818
tracking those A I monitoring those?

21:51.818 --> 21:54.151
Are they lies? Are they not? You know?

21:54.151 --> 21:56.854
And so um words of wisdom is what are

21:56.864 --> 21:58.920
we monitoring? What is that minimum

21:58.920 --> 22:01.142
brought up? You know, everybody wants

22:01.142 --> 22:03.197
to know what's the minimum and uh we

22:03.197 --> 22:05.197
came up with Speedo, Speedo is the

22:05.197 --> 22:07.253
minimum. So what does Speedo mean?

22:07.253 --> 22:09.142
Scanning patching? How do I do?

22:09.142 --> 22:11.364
Scanning, patching? It's knowing what

22:11.364 --> 22:10.510
you have.
That's your equipment , 22:10.520 --> 22:12.853 that's your diagrams , that's ownership . 22:12.853 --> 22:15.076 So if you got your Speedo , that's your 22:15.076 --> 22:17.020 minimum , that's how you keep your 22:17.020 --> 22:19.020 decision , right ? There's more you 22:19.020 --> 22:18.310 have to do . I mean , it'd be nice if 22:18.319 --> 22:20.208 you had trunks on , but how do we 22:20.208 --> 22:22.375 monitor that ? What do we monitor ? Um 22:22.660 --> 22:24.910 And then making sure . So I guess that 22:24.920 --> 22:27.449 what we need is that business impact 22:27.459 --> 22:29.660 analysis . How do we trigger trigger ? 22:29.670 --> 22:31.892 Isn't risk , isn't something cyber does 22:31.892 --> 22:33.614 on their own ? Right ? It is a 22:33.614 --> 22:35.920 conversation about what is the risk 22:35.930 --> 22:38.263 that's acceptable to that mission owner , 22:38.263 --> 22:40.319 to that business owner , that , that 22:40.319 --> 22:42.486 cyber , that system owner , maybe it's 22:42.486 --> 22:44.597 cost , cost schedule performance . So 22:44.597 --> 22:46.763 somebody gotta do that business impact 22:46.763 --> 22:46.535 analysis and it's not the cyber 22:46.545 --> 22:48.685 security team . So who's telling us 22:48.694 --> 22:50.583 what to trigger on what are those 22:50.583 --> 22:52.916 critical , you know , high value assets ? 22:52.916 --> 22:55.395 And so we can put that into both sets 22:55.405 --> 22:57.405 of tools . Um And so that's what we 22:57.405 --> 22:59.405 need support with we can't tell you 22:59.405 --> 23:01.627 your minimum . It's not a peanut butter 23:01.627 --> 23:03.683 spread . It's based on your business 23:03.683 --> 23:05.627 and your impact . So makes sense . 23:05.790 --> 23:08.010 Julie , did you have ? 
So we've done a 23:08.020 --> 23:10.500 similar thing and that our organization 23:10.510 --> 23:12.790 that does the authorizations also has 23:12.800 --> 23:14.967 our cyber security service provider in 23:14.967 --> 23:17.160 it . And so we've got that linkage 23:17.170 --> 23:20.060 between the two groups . Um but we also 23:20.069 --> 23:22.291 have the developers that have developed 23:22.291 --> 23:24.180 the compliance dashboard . And so 23:24.180 --> 23:26.180 they're pulling in all of the audit 23:26.180 --> 23:28.125 data , we require all the scanning 23:28.125 --> 23:29.958 information , all the connection 23:29.958 --> 23:32.959 records um pushing on comply to connect . 23:32.969 --> 23:34.913 Um Right , knowing what all of our 23:34.913 --> 23:37.025 assets are . So at any given time , a 23:37.025 --> 23:38.802 system owner can see what their 23:38.802 --> 23:40.858 cybersecurity , health and status is 23:40.858 --> 23:43.280 and what they are steet in or zero 23:43.290 --> 23:46.109 trust . I'll say uh status is on for 23:46.119 --> 23:48.230 any given system . And so just as you 23:48.230 --> 23:50.397 said , right , if the system is having 23:50.397 --> 23:52.452 a problem , we can see who the users 23:52.452 --> 23:54.859 are , users , right are and it's really 23:54.869 --> 23:57.036 who's the authorizing official on it ? 23:57.036 --> 23:59.189 Who was the ISM , who's the iso who's 23:59.199 --> 24:01.366 the c who are the other stakeholders ? 24:01.366 --> 24:03.477 So we know who to contact . Um We use 24:03.477 --> 24:05.366 that dashboard for the individual 24:05.366 --> 24:07.255 system owners to understand their 24:07.255 --> 24:09.489 health and status . But we also provide 24:09.500 --> 24:13.390 like a scorecard to our um PEOs 24:13.400 --> 24:15.622 so the people who have the money for 24:15.622 --> 24:18.160 those . 
So they also know , it's part of 24:18.170 --> 24:20.500 the business processes as to what the 24:20.510 --> 24:22.550 health and status is . So we have 24:22.560 --> 24:24.338 integrated those pretty closely 24:24.338 --> 24:26.560 together and I sit in that organization 24:26.560 --> 24:28.609 as well . So I see all that data 24:28.619 --> 24:30.619 firsthand and I can respond to it . 24:30.689 --> 24:32.911 Yeah . One of the things that I've been 24:32.911 --> 24:35.339 amazed by is the use of um continuous 24:35.349 --> 24:38.099 monitoring , continuous ATO kinds 24:38.109 --> 24:40.053 of dashboards where we're bringing 24:40.053 --> 24:41.998 together more and more information 24:41.998 --> 24:44.369 every day . Um I'm trying to work 24:44.380 --> 24:47.729 across the IC so that if we have , if 24:47.739 --> 24:49.850 and when we have major events , we're 24:49.850 --> 24:52.390 able to share data um through automatic 24:52.400 --> 24:54.800 ingest and well not automatic , sorry , 24:54.869 --> 24:56.925 pushing and pulling information back 24:56.925 --> 24:59.280 and forth across all the elements um in 24:59.290 --> 25:02.140 smarter new ways . So bringing together 25:02.150 --> 25:04.372 incident data with the risk that you've 25:04.372 --> 25:06.979 accepted in ATO data , um better 25:06.989 --> 25:08.989 informs some of the decisions we're 25:08.989 --> 25:11.211 making more real time . I've been super 25:11.211 --> 25:13.322 impressed . In fact , that's been one 25:13.322 --> 25:15.545 of the activities we've been uh working 25:15.545 --> 25:17.767 on as CISOs is um we're doing like a , 25:17.767 --> 25:17.640 a color progressive dinner kind of 25:17.650 --> 25:19.817 thing where we're going to the some of 25:19.817 --> 25:21.983 the bigger elements and kind of seeing 25:21.983 --> 25:23.928 what they're doing , trying to get 25:23.928 --> 25:26.094 lessons learned . 
Um The next round is 25:26.094 --> 25:25.489 going to be pulling in some of the 25:25.500 --> 25:27.667 smaller organizations and showing them 25:27.790 --> 25:29.989 some of these things that um some of 25:30.000 --> 25:31.949 the bigger organizations in NSA in 25:31.959 --> 25:34.040 particular has some very interesting 25:34.050 --> 25:36.300 things . So does NGA on how they're 25:36.310 --> 25:39.280 pulling together data ? So , yeah , 25:39.290 --> 25:42.849 thank you for that good work . Ok . So 25:42.859 --> 25:46.199 next question , the Dod and the IC 25:46.209 --> 25:48.050 remain strong partners in shared 25:48.060 --> 25:51.199 terrain and shared risk together . We 25:51.209 --> 25:53.359 deliver accurate and share accurate 25:53.369 --> 25:55.849 intelligence . Are there some good news 25:55.859 --> 25:58.239 stories and are areas that commercial 25:58.250 --> 26:01.339 dod and IC can augment together ? And 26:01.349 --> 26:03.627 for that , I'll go over to Erica first . 26:03.627 --> 26:05.459 Sure . So , you know , this is 26:05.469 --> 26:07.636 something that I think , you know , we 26:07.636 --> 26:09.858 always , you know , title 50 title 10 . 26:09.858 --> 26:12.080 What's mine , what's yours ? Um And the 26:12.080 --> 26:14.191 difference between data ownership and 26:14.191 --> 26:16.413 data stewardship where the data lives , 26:16.413 --> 26:16.170 where it's transporting through or who 26:16.180 --> 26:18.079 actually owns that data . So it's 26:18.089 --> 26:20.200 really getting down to doing the hard 26:20.200 --> 26:22.145 work of defining that having clean 26:22.145 --> 26:24.145 lines of authority , clean lines of 26:24.145 --> 26:26.256 accountability . Um And there's going 26:26.256 --> 26:28.422 to be dual reporting . There is a Venn 26:28.422 --> 26:30.478 diagram . Um part of the information 26:30.478 --> 26:32.589 network that mission commanders needs 26:32.589 --> 26:34.478 comes from the IC . 
There will be 26:34.478 --> 26:36.478 shared risk . We need to draw those 26:36.478 --> 26:38.422 terrain maps , do that , that Venn 26:38.422 --> 26:40.364 diagram . So we know within the 26:40.375 --> 26:42.486 transport services . OK . Where do we 26:42.486 --> 26:44.542 share risk between the C and the Dod 26:44.542 --> 26:47.005 the Mills and the dot govs with our 26:47.015 --> 26:48.848 airborne platforms ? Where do we 26:48.848 --> 26:50.848 connect ? And so it's doing that um 26:50.848 --> 26:53.060 portfolio management if you will now 26:53.069 --> 26:55.236 becoming cyber security , so we really 26:55.236 --> 26:57.780 can connect and see whose risk is where 26:57.790 --> 26:59.846 sometimes within the ISR community , 26:59.846 --> 27:02.123 maybe it's not a shared risk to the IC , 27:02.123 --> 27:04.234 maybe it's just a mission risk to the 27:04.234 --> 27:06.179 ISR community . Um And so who do I 27:06.179 --> 27:08.401 report that to ? Um And , and maybe the 27:08.401 --> 27:10.568 IC doesn't care because it's not using 27:10.568 --> 27:12.679 a service , a common concern and it's 27:12.679 --> 27:14.846 not sharing that , you know , it's not 27:14.846 --> 27:17.012 a source and method and so it's , it's 27:17.012 --> 27:18.901 doing that work . Um It's working 27:18.901 --> 27:18.540 across the aisle . Good news . 27:18.550 --> 27:21.400 Something that we've done is co located 27:21.430 --> 27:23.208 with F Cyber . So they've got a 27:23.208 --> 27:25.430 Certified CS , we've got our integrated 27:25.430 --> 27:27.430 defense soc co locating in the same 27:27.430 --> 27:29.541 places . So we can start seeing where 27:29.541 --> 27:31.708 we can synergize where we can use some 27:31.708 --> 27:33.874 processes um where we can , you know , 27:33.874 --> 27:36.041 tip off . I've got a tipper . You have 27:36.041 --> 27:38.152 a task or do I mimic that ? Do I send 27:38.152 --> 27:40.319 it ? What , where can we work across ? 
27:40.319 --> 27:42.694 Um So thank you . Very good , Tim . 27:43.589 --> 27:45.969 Yeah , I think the key word in uh the 27:45.979 --> 27:48.146 question there , I will , I will pivot 27:48.146 --> 27:50.368 off of is the , the partner reference . 27:50.459 --> 27:52.739 Um And , and certainly it's important 27:52.750 --> 27:54.806 to understand . I , I probably start 27:54.806 --> 27:57.410 from a perspective of , of my own 27:57.420 --> 27:59.810 career in this community . I started 27:59.819 --> 28:03.670 out as a Marine 0231 intel uh 28:03.699 --> 28:06.130 specialist supporting mission planning 28:06.140 --> 28:08.362 and , and doing intel briefs in support 28:08.362 --> 28:10.529 of those mission plans uh in order for 28:10.529 --> 28:12.640 any given mission , whatever it might 28:12.640 --> 28:14.751 be uh strike operation , et cetera to 28:14.751 --> 28:16.670 be uh successful . Um And then of 28:16.680 --> 28:18.791 course , in good marine fashion , you 28:18.791 --> 28:20.736 jack of all trades , you got these 28:20.736 --> 28:22.958 additional duties and one of which back 28:22.958 --> 28:25.124 then we called ADP security officers . 28:25.124 --> 28:27.291 So , and of course , the second half , 28:27.291 --> 28:29.291 I actually turned out to be good at 28:29.291 --> 28:31.458 more so than the first half of the job 28:31.458 --> 28:33.347 description . Um So , but in that 28:33.347 --> 28:35.458 regard , it started me down this path 28:35.458 --> 28:37.402 of whether it was ADP security or 28:37.402 --> 28:39.869 information security or information 28:39.880 --> 28:42.449 assurance . And now cyber security um 28:42.689 --> 28:45.969 with this focus , persistent focus 28:46.270 --> 28:50.260 on the mission uh and why this need for 28:50.270 --> 28:52.569 cyber security exist . 
And it's a , 28:52.579 --> 28:54.989 it's from my perspective in any good 28:55.000 --> 28:58.459 program critical to dive in and fully 28:58.469 --> 29:01.410 understand the uniqueness of mission , 29:01.420 --> 29:03.364 whether it be relevant to your own 29:03.364 --> 29:05.198 agency or then leaning into this 29:05.198 --> 29:08.170 partnership discussion , how you might 29:08.180 --> 29:10.180 reach out across the community . Of 29:10.180 --> 29:12.347 course , in my case , uh operate today 29:12.347 --> 29:14.458 as many of , you know , within our IC 29:14.458 --> 29:16.680 community , a cyber security inspection 29:16.680 --> 29:18.859 program , which is new within our 29:18.869 --> 29:21.280 community . Uh We haven't really been 29:21.290 --> 29:23.890 subject to such things as our DoD 29:23.900 --> 29:26.660 brethren through JFHQ-DODIN . And there 29:26.880 --> 29:29.219 as people know them , the CCRI program 29:29.229 --> 29:32.329 and our CORA program . Um but as we 29:32.339 --> 29:34.439 sought to accomplish the task of 29:34.449 --> 29:36.640 building a cyber security program , we 29:36.650 --> 29:39.079 intentionally reached out to our JFHQ-DODIN 29:39.089 --> 29:41.680 brethren and established a deep 29:41.689 --> 29:44.000 partnership and I would be remiss if I 29:44.010 --> 29:46.920 didn't give uh Kudos and credit to 29:46.930 --> 29:49.150 Emerald Chase at the time , who really 29:49.160 --> 29:51.530 embraced this concept of a real 29:51.540 --> 29:54.020 partnership with the IC . Uh and we 29:54.030 --> 29:56.197 talked about what would be the win win 29:56.197 --> 29:58.419 proposition as we went down this path . 
29:58.419 --> 30:01.219 And so we built a program that really 30:01.229 --> 30:04.219 was representative of where not only we 30:04.229 --> 30:06.550 felt we needed to go , which is , of 30:06.560 --> 30:09.339 course , in the IC tailored to our 30:09.349 --> 30:12.439 environment , tailored to our actual 30:12.449 --> 30:15.180 likely threats in the ways we might 30:15.189 --> 30:17.550 face exploitation , which of course , 30:17.560 --> 30:20.189 in many cases is different than our dod 30:20.199 --> 30:23.189 brethren . But we understood that the 30:23.199 --> 30:25.949 mission of the IC and at least in the 30:25.959 --> 30:28.260 dia case being , the Defense 30:28.270 --> 30:31.050 Intelligence Agency was critically 30:31.060 --> 30:33.949 focused on supporting the war fighter 30:33.959 --> 30:36.390 and the broader dod community . And so 30:36.400 --> 30:39.030 the risk that we operate with in our 30:39.040 --> 30:41.959 environment is as Catherine said , when 30:41.969 --> 30:43.858 she started in the old adage , in 30:43.858 --> 30:46.660 essence , imposed on the risk of the 30:46.670 --> 30:48.880 dod and the mission and the critical 30:48.890 --> 30:51.000 mission that they have down range on 30:51.010 --> 30:53.310 any given day . Uh And so we committed 30:53.319 --> 30:56.270 to a transparency out of that program , 30:56.280 --> 30:59.250 we share cyber security vulnerability 30:59.260 --> 31:01.260 information , the outcomes of these 31:01.260 --> 31:04.280 reports . 
JFHQ-DODIN's deputy director 31:04.290 --> 31:08.069 is actually a formal member of our risk 31:08.079 --> 31:10.579 board that evaluates the outcomes of 31:10.589 --> 31:14.069 our community risk because we recognize 31:14.199 --> 31:16.250 that that is not just a partnership 31:16.260 --> 31:19.160 that can help benefit each other and 31:19.170 --> 31:20.726 sharing lessons learned and 31:20.726 --> 31:23.099 capabilities deployed , but it's also a 31:23.109 --> 31:25.109 partnership in any given day in the 31:25.109 --> 31:27.180 mission space . And so we really do 31:27.189 --> 31:30.780 need to increase that transparency and 31:30.790 --> 31:32.910 then make sure uh that we're sharing 31:32.920 --> 31:35.420 information uh in ways that we never 31:35.430 --> 31:37.800 did before . And then I pivot off that 31:37.810 --> 31:40.359 partnership to say the same is really 31:40.369 --> 31:42.489 true as we shift gears and talk about 31:42.530 --> 31:45.400 our allied partners . Um And how we're 31:45.410 --> 31:48.920 proactively reaching out with purpose 31:48.930 --> 31:52.239 and the intent to really mature those 31:52.250 --> 31:54.599 relationships and mature the degree in 31:54.609 --> 31:57.150 which we share the same information uh 31:57.170 --> 31:59.420 with our Five Eyes partners . And then 31:59.430 --> 32:02.050 even go as far as getting into the 32:02.060 --> 32:04.949 technologies and the implementation 32:04.959 --> 32:07.181 efforts that we have underway to try to 32:07.181 --> 32:08.903 make a difference . Because we 32:08.903 --> 32:10.959 recognize again , going forward , we 32:10.959 --> 32:13.319 won't fight any conflict without our 32:13.329 --> 32:15.989 allied partners moving in the future . 32:16.069 --> 32:17.920 And as such , the cyber security 32:17.930 --> 32:19.819 programs , however sensitive that 32:19.819 --> 32:21.986 information may have historically been 32:21.986 --> 32:24.152 treated . 
There's really a demand that 32:24.152 --> 32:26.160 we actually push the envelope and 32:26.170 --> 32:28.059 increase those partnerships . And 32:28.059 --> 32:30.059 certainly that's the message of our 32:30.059 --> 32:32.380 director DIA in his efforts for seeking 32:32.630 --> 32:35.020 global integration . Uh And then that 32:35.030 --> 32:37.469 also means of course increased focused 32:37.479 --> 32:39.812 integration with our Five Eyes partners , 32:39.812 --> 32:41.479 both in the mission space but 32:41.479 --> 32:43.535 absolutely as well in the technology 32:43.535 --> 32:45.812 space . Yeah . No , thank you for that . 32:45.812 --> 32:47.923 Um One of the things I've seen little 32:47.923 --> 32:49.949 um hopeful sprouts of transparency , 32:49.959 --> 32:52.015 certainly among the CISOs um on the 32:52.020 --> 32:54.242 stage and others that are out there 32:54.242 --> 32:56.920 that we've been working with . Um we're 32:56.930 --> 32:59.640 in this together uh because it is one 32:59.650 --> 33:01.770 fight . Uh we have to be transparent 33:01.780 --> 33:03.819 when there is information that we 33:03.829 --> 33:06.609 should be sharing to protect all of us . 33:06.619 --> 33:09.319 Um We're working really hard to make 33:09.329 --> 33:11.385 sure at least among the , the CISOs 33:11.385 --> 33:13.218 that we're sharing that critical 33:13.218 --> 33:15.107 information and in a timely way , 33:15.107 --> 33:17.218 that's the other thing is doing it as 33:17.218 --> 33:19.162 fast as we can and working through 33:19.162 --> 33:21.329 whatever needs to be worked through to 33:21.329 --> 33:23.329 be able to share across that . So , 33:23.329 --> 33:23.099 thank you . I appreciate the 33:23.109 --> 33:25.410 transparency . Um With that , I'll 33:25.420 --> 33:28.270 shift to the next question . Um This is 33:28.280 --> 33:30.589 about incident response and recovery . 
33:30.660 --> 33:32.438 What are the key elements of an 33:32.438 --> 33:35.510 effective incident response plan ? And 33:35.520 --> 33:37.742 Julie , I think you might have thoughts 33:37.742 --> 33:41.579 on that . Well , our CSSP , 33:41.589 --> 33:43.700 right , we're not responsible for our 33:43.700 --> 33:46.650 incident response . Um They do , we do 33:46.660 --> 33:48.771 uh collaborate closely with our cyber 33:48.771 --> 33:50.771 security director , which does have 33:50.771 --> 33:53.189 their red blue hot teams . Um And so 33:53.199 --> 33:55.532 one of the things that we've done , our , 33:55.532 --> 33:58.079 our teams have uh SOPs for how they 33:58.089 --> 34:00.780 respond to incidents . Um They use a 34:00.790 --> 34:03.150 number of different uh kits , sensor 34:03.160 --> 34:05.900 kits to actually go in and immediately 34:05.910 --> 34:08.669 start detecting collecting events that 34:08.679 --> 34:10.735 are happening within a space that we 34:10.735 --> 34:12.957 might think something has happened . Um 34:12.957 --> 34:15.068 And so that that collaboration across 34:15.068 --> 34:17.329 our organizations has helped us out a 34:17.339 --> 34:21.279 lot . Um And so our N CS SP has started 34:21.289 --> 34:24.029 a hunt effort and so they're kind of 34:24.039 --> 34:26.688 training through how to do a hunt and 34:26.698 --> 34:28.920 they're training on our live systems as 34:28.920 --> 34:31.069 well . So it's helping us button up 34:31.079 --> 34:33.698 different things that we um might not 34:33.708 --> 34:36.188 have been as closely looking at and 34:36.198 --> 34:37.976 then they do kind of a hot wash 34:37.976 --> 34:40.142 afterwards to see what they might have 34:40.142 --> 34:42.087 done differently , could have done 34:42.087 --> 34:44.142 differently . Maybe other tools they 34:44.142 --> 34:46.198 could have used . 
So kind of back to 34:46.198 --> 34:48.142 something that Tim mentioned a few 34:48.142 --> 34:50.087 minutes ago , um as a joint DoD IC 34:50.087 --> 34:52.142 organization , right . We have to go 34:52.142 --> 34:54.365 through the CCRI or a CORA every three 34:54.365 --> 34:56.476 years . We just finished that back in 34:56.476 --> 34:58.709 the uh beginning of this year . And 34:58.899 --> 35:00.955 we've now taken essentially the same 35:00.959 --> 35:02.903 set of standards that they test us 35:02.903 --> 35:05.015 against and we're moving it on to all 35:05.015 --> 35:08.070 of our IC systems as well . And uh so 35:08.530 --> 35:10.830 it's allowed our teams to then kind of 35:10.840 --> 35:13.007 train a little bit more on our systems 35:13.007 --> 35:15.850 as we move that process across the 35:15.860 --> 35:18.379 whole enterprise , right ? And part two 35:18.389 --> 35:20.500 of this question , um Julie or anyone 35:20.500 --> 35:22.722 really , how do you ensure your team is 35:22.722 --> 35:24.945 prepared for a cyber incident ? And how 35:24.945 --> 35:27.056 do you handle training and simulation 35:27.056 --> 35:29.278 because we uh send the teams out to get 35:29.278 --> 35:31.278 as much training as possible within 35:31.278 --> 35:33.056 their spaces for doing incident 35:33.056 --> 35:35.429 response . Um You know , we've actually 35:35.439 --> 35:37.161 implemented a lot of the Cyber 35:37.161 --> 35:39.370 Workforce Improvement program , uh 35:39.379 --> 35:42.030 activities that require certification . 35:42.040 --> 35:43.873 So we've pushed our teams to get 35:43.873 --> 35:46.600 certified . Um they go over and train 35:46.610 --> 35:48.832 with the red teams that are over in the 35:48.832 --> 35:50.721 Cyber security Directorate to get 35:50.721 --> 35:52.721 certified from their perspective as 35:52.721 --> 35:54.832 well . 
So just the training , getting 35:54.832 --> 35:56.832 certifications and then giving them 35:56.832 --> 35:59.110 that opportunity to do , uh essentially 35:59.120 --> 36:02.590 live fire activities on our networks . 36:03.629 --> 36:06.229 Yeah . Yes . So , um , so there's the 36:06.239 --> 36:08.639 ice storm exercises within the F IC . 36:08.649 --> 36:10.969 We've uh instituted a hail storm . And 36:10.979 --> 36:13.090 so our hailstorm exercises are what , 36:13.090 --> 36:15.090 you know , going out and doing that 36:15.090 --> 36:16.979 incident response . You know what 36:16.979 --> 36:19.090 you're gonna , you're gonna play like 36:19.090 --> 36:21.257 you practice , so you gotta practice , 36:21.257 --> 36:20.709 you've gotta do it . We have to iterate , 36:20.719 --> 36:23.149 we have to make it better . Um Victor 36:23.159 --> 36:25.437 Alejandro , our tech director coined a , 36:25.437 --> 36:27.381 coined the term hot chocolate in a 36:27.381 --> 36:29.270 blanket . And so making sure that 36:29.270 --> 36:30.992 you're going out doing the hot 36:30.992 --> 36:30.395 chocolate and the blanket and 36:30.405 --> 36:32.627 preserving that evidence , putting that 36:32.627 --> 36:34.849 tape out there . Um So making sure that 36:34.849 --> 36:37.183 we're doing that because a lot of times , 36:37.183 --> 36:39.072 you know , we just wanna wipe the 36:39.072 --> 36:41.238 machine or we just wanna reimage , but 36:41.238 --> 36:41.024 we're , and that's not preserving 36:41.034 --> 36:43.090 evidence . So making sure that we're 36:43.090 --> 36:45.256 working that into our response plan um 36:45.256 --> 36:47.256 as well and exercising it . Yes , I 36:47.256 --> 36:49.367 think our teams have been part of the 36:49.367 --> 36:51.312 ice storms in the past and there's 36:51.312 --> 36:53.534 several other activities that we try to 36:53.534 --> 36:57.530 join in to uh exercise the teams . Yeah , 36:57.540 --> 36:59.707 that makes sense . 
And as we look more 36:59.707 --> 37:01.929 at partnerships , there's probably more 37:01.929 --> 37:03.929 we can do with tabletops across our 37:03.929 --> 37:06.151 different partnerships and probably the 37:06.151 --> 37:08.207 five eyes and other Allied Forces um 37:08.207 --> 37:10.540 kinds of activities moving forward . So , 37:10.540 --> 37:14.459 yeah , very good . Yes . Um 37:14.879 --> 37:17.540 So , shifting to workforce , this is 37:17.550 --> 37:19.772 one of our favorite topics because it's 37:19.772 --> 37:22.106 um it's a pain point for all of us . So , 37:22.429 --> 37:24.909 let's start with the question for Tim , 37:25.409 --> 37:27.570 how do you foresee the cybersecurity 37:27.580 --> 37:29.747 workforce evolving in the next 5 to 10 37:29.747 --> 37:33.360 years ? Um So I would uh 37:33.370 --> 37:36.709 start with um again , given the preface 37:36.719 --> 37:39.149 of what we talked about the emerging 37:39.530 --> 37:42.889 threats and the speed uh and the uh uh 37:42.899 --> 37:45.090 continual uh advancement in 37:45.100 --> 37:47.300 capabilities across that spectrum . 37:47.530 --> 37:49.697 It's certainly a challenging space and 37:49.697 --> 37:51.974 in many areas , you know , our , again , 37:51.974 --> 37:54.197 our default is to go towards technology 37:54.197 --> 37:56.419 and capability and the belief that that 37:56.419 --> 37:58.363 will solve all problems . I , I do 37:58.363 --> 38:00.830 strongly believe that uh the core of 38:00.840 --> 38:03.120 the workforce or the foundation of the 38:03.129 --> 38:05.429 workforce is gonna be absolutely 38:05.439 --> 38:08.510 crucial uh in this space in the coming 38:08.520 --> 38:11.209 years . 
Um I've kind of bucked the 38:11.219 --> 38:13.120 trend if you will in terms of our 38:13.129 --> 38:15.709 recruiting strategy , internal uh to 38:15.719 --> 38:19.010 dia I put forward in essence uh to my 38:19.020 --> 38:21.399 partners in that space that have a 38:21.409 --> 38:23.770 focus on our workforce management and 38:23.780 --> 38:26.199 our recruiting activities to basically 38:26.209 --> 38:28.500 send the message that for those folks 38:28.510 --> 38:31.110 that seek a career in cyber and we get 38:31.120 --> 38:33.429 these resumes that talk about cyber 38:33.439 --> 38:35.606 security skills . Do me a favor , skip 38:35.606 --> 38:39.300 them and target that entry level 38:39.310 --> 38:42.080 generation that comes out these stem 38:42.090 --> 38:45.820 degrees , uh talented uh individuals 38:45.830 --> 38:47.941 that are joining our workforce at the 38:47.941 --> 38:50.520 entry level , we got a more than one 38:50.530 --> 38:52.699 shining example in that regard in our 38:52.709 --> 38:55.320 cyber security program . Um And I've 38:55.330 --> 38:57.830 had similar examples . I could go back 38:57.840 --> 39:01.189 20 years ago to one of the interns that 39:01.199 --> 39:04.939 ultimately became uh my deputy and um 39:05.080 --> 39:07.191 at a very senior level and eventually 39:07.191 --> 39:09.191 moved on to greater things a little 39:09.191 --> 39:11.413 smarter than me , obviously , um , or I 39:11.413 --> 39:13.580 stuck around . Uh But nonetheless , it 39:13.580 --> 39:16.340 is that talent that is coming in not 39:16.350 --> 39:19.780 necessarily with deeper or , or 39:19.790 --> 39:22.260 focus on a cyber security mission space . 
39:22.469 --> 39:24.580 But where you see that really 39:24.590 --> 39:27.389 exceptional ability from an engineering 39:27.399 --> 39:29.610 perspective , an architectural or 39:29.620 --> 39:31.729 engineering perspective , and those 39:31.739 --> 39:34.060 individuals are able to come in without 39:34.070 --> 39:36.979 any familiar with the cyberspace and do 39:36.989 --> 39:39.929 some phenomenal things and really look 39:39.939 --> 39:41.969 at our mission space almost with a 39:41.979 --> 39:44.439 fresh set of eyes if you will and you 39:44.449 --> 39:47.260 see the innovation uh in their critical 39:47.270 --> 39:49.669 thinking capabilities and the skills 39:49.679 --> 39:51.750 that they inherently have to really 39:51.760 --> 39:53.982 make a difference . And of course , all 39:53.982 --> 39:55.760 these buzzwords , AI/ML and the 39:55.760 --> 39:57.760 emergence of cloud technologies and 39:57.760 --> 40:00.729 software-defined X . It's those talents 40:00.919 --> 40:03.560 that are able to do things uh in ways 40:03.570 --> 40:05.840 that we really had never envisioned . 40:05.850 --> 40:08.129 So that's a key part of our effort . 40:08.379 --> 40:10.540 But I also would say from a workforce 40:10.550 --> 40:12.820 perspective , the phrase strength and 40:12.830 --> 40:15.739 diversity really does prove itself out 40:15.750 --> 40:18.600 over and over again . 
Um Where we look 40:18.610 --> 40:20.721 at , for example , the cyber security 40:20.721 --> 40:23.209 program is an active partner , usually 40:23.219 --> 40:25.419 directly involved with our 508 40:25.429 --> 40:27.485 initiatives and sort of pushing that 40:27.485 --> 40:29.540 envelope of what technologies can we 40:29.540 --> 40:31.419 approve so that we can embrace a 40:31.429 --> 40:34.129 different part of our society if you 40:34.139 --> 40:36.306 will and how do we bring them into our 40:36.306 --> 40:38.689 unique mission space and or into the 40:38.699 --> 40:40.921 unique challenges in the cyber security 40:40.921 --> 40:43.179 space ? And then lastly , I will say to 40:43.189 --> 40:45.939 DIA's credit DIA actually also 40:45.989 --> 40:48.820 pursued and intentionally went after a 40:48.830 --> 40:51.870 neurodiverse hiring program . Um And 40:51.879 --> 40:53.699 so we in Cyber have been the 40:53.709 --> 40:57.040 beneficiary of people that have a 40:57.050 --> 41:00.270 unique way of looking at this really 41:00.280 --> 41:02.510 complicated mission space and the 41:02.520 --> 41:04.409 technologies that we're trying to 41:04.409 --> 41:07.030 embrace and how these things integrate 41:07.239 --> 41:10.500 and in essence materialize risk for our 41:10.510 --> 41:13.469 mission space . Um It's impressive to 41:13.479 --> 41:16.350 watch those folks that again , look at 41:16.360 --> 41:18.500 some of our challenge , but in an 41:18.510 --> 41:21.659 entirely different way that I , for 41:21.669 --> 41:24.139 example , may have been really stressed 41:24.149 --> 41:26.530 or uh straining over a challenge in a 41:26.540 --> 41:28.429 given mission space for years and 41:28.429 --> 41:30.651 they'll come in . Oh , you just need to 41:30.651 --> 41:32.762 do this . And I'm like , why didn't I 41:32.762 --> 41:34.707 think of that again ? 
I think that 41:34.707 --> 41:36.873 really comes back to that strength and 41:36.873 --> 41:39.040 diverse and really embracing it in all 41:39.040 --> 41:41.318 that , that means across our workforce . 41:41.318 --> 41:43.979 So pretty excited about workforce 41:43.989 --> 41:47.209 recruiting um and embracing that notion 41:47.219 --> 41:49.163 of diversity in that space . And I 41:49.163 --> 41:51.300 guess definitely , definitely excited 41:51.399 --> 41:54.550 uh as I probably get closer to the end 41:54.560 --> 41:56.909 of my intelligence career , um and I 41:56.919 --> 41:59.110 have a lot of hope seeing some of this 41:59.120 --> 42:02.219 talent that comes in . Um And I think 42:02.229 --> 42:04.899 the key in that space is empowerment , 42:05.530 --> 42:07.879 right ? We don't put them in , I will 42:07.889 --> 42:10.629 say , you know , non directly 42:10.639 --> 42:12.639 contributing roles and we don't put 42:12.639 --> 42:15.419 them in roles in which they can't 42:15.429 --> 42:18.179 actually affect some authoritative 42:18.189 --> 42:20.620 decisions that can impact our mission 42:20.629 --> 42:22.790 space . And when you empower these 42:22.800 --> 42:25.500 folks and let them bring their full 42:25.510 --> 42:28.060 talent to the table . Uh not only do 42:28.070 --> 42:30.292 you see amazing outputs , but they have 42:30.292 --> 42:33.209 a propensity and a passion to continue 42:33.219 --> 42:37.040 inside the national security community 42:37.050 --> 42:39.161 if you will , where they're seeing an 42:39.161 --> 42:42.510 effect on what really crucially matters 42:42.729 --> 42:44.860 uh from a national security and or 42:44.870 --> 42:47.340 defense mission perspective . 
So , and 42:47.350 --> 42:50.629 I don't think we can ever compete uh in 42:50.639 --> 42:53.629 the salary uh construct for the talent 42:53.639 --> 42:55.750 that they bring to the table , but we 42:55.750 --> 42:57.840 absolutely can compete when you talk 42:57.850 --> 43:00.629 about the impact to critical mission or 43:00.639 --> 43:03.739 providing extremely meaningful roles uh 43:03.750 --> 43:07.090 in that space . Yeah . Um Wow , I could 43:07.100 --> 43:09.760 go on all day with this one . Do either 43:09.770 --> 43:12.760 of you wanna jump in here ? If not , I 43:12.770 --> 43:14.992 can add . No , I think I agree that , I 43:14.992 --> 43:17.310 mean , we have a lot of systems to uh 43:17.340 --> 43:19.669 authorize and protect and we have a 43:19.679 --> 43:23.040 pretty small workforce . And so getting 43:23.050 --> 43:25.860 the junior people in that are easier to 43:25.870 --> 43:29.159 hire , um getting rotation within the 43:29.169 --> 43:31.225 agency , we get people from a lot of 43:31.225 --> 43:33.336 different areas . So we get diversity 43:33.336 --> 43:35.447 that way as well . But I think giving 43:35.447 --> 43:37.502 the junior people the opportunity to 43:37.502 --> 43:39.613 work on some pretty hard problems and 43:39.613 --> 43:42.239 get exposure to the senior leadership , 43:42.879 --> 43:45.969 um gets them that , uh you know , extra 43:45.979 --> 43:48.201 kick that they're like , yeah , I wanna 43:48.201 --> 43:50.146 come to work every day and this is 43:50.146 --> 43:50.129 really cool . Let me see what I can 43:50.139 --> 43:52.790 find tomorrow and sort of thing . And I 43:52.800 --> 43:55.120 know we , we had a , we do a walk about 43:55.129 --> 43:57.919 with our offices um quarterly and we 43:57.929 --> 44:00.040 were talking to some of the folks the 44:00.040 --> 44:02.096 other day and they said , you know , 44:02.096 --> 44:04.040 what keeps you up at night ? 
And I 44:04.040 --> 44:06.151 think they expected us to say all the 44:06.151 --> 44:08.207 things they find and tell us about . 44:08.207 --> 44:10.151 And we said , no , that's not what 44:10.151 --> 44:12.207 actually keeps us up . It's the ones 44:12.207 --> 44:14.318 that we don't know about , right ? So 44:14.318 --> 44:16.373 go find those things . Yeah , really 44:16.373 --> 44:18.485 good . Um I'm pretty passionate about 44:18.485 --> 44:20.651 this as well in a previous life . Uh I 44:20.651 --> 44:22.762 worked on a new professionals program 44:22.762 --> 44:24.929 so much to like Tim was saying , uh we 44:24.929 --> 44:26.929 hired people with strong degrees in 44:26.929 --> 44:28.707 different areas by the way , um 44:28.707 --> 44:31.540 anything from policy and psychology to 44:31.550 --> 44:34.250 deep engineering , um computer science , 44:34.260 --> 44:36.659 of course . Um And then we worked on 44:36.669 --> 44:39.020 getting them the right experience by 44:39.030 --> 44:40.860 rotating them through different 44:40.870 --> 44:43.500 programs and support um very rewarding 44:43.510 --> 44:45.560 by the way , we also started in 44:45.570 --> 44:47.570 previous life , um was working with 44:47.570 --> 44:50.939 neuro diverse um programs to um 44:51.100 --> 44:53.399 see how we can acclimate uh that 44:53.409 --> 44:55.419 workforce just to , to bring more 44:55.429 --> 44:57.485 diversity of thought to what we were 44:57.489 --> 44:59.211 doing . And we were pleasantly 44:59.211 --> 45:01.322 surprised with some of that . There's 45:01.322 --> 45:03.439 some pattern matching and abilities 45:03.590 --> 45:06.340 that , uh , you know , humans don't 45:06.350 --> 45:08.729 always , uh they're not always able to 45:08.739 --> 45:10.683 do and some of these folks can see 45:10.683 --> 45:12.739 patterns and things that nobody else 45:12.739 --> 45:14.850 can see very interesting to have them 45:14.850 --> 45:17.128 work on very challenging programs . 
So , 45:17.290 --> 45:20.629 um the diversity of thought is for sure . 45:20.850 --> 45:22.961 The also the other thing is uh I look 45:22.961 --> 45:25.072 for when I'm recruiting and I've been 45:25.072 --> 45:28.719 hiring for decades . Also . Um looking 45:28.729 --> 45:30.785 for creativity , creative thinking , 45:30.785 --> 45:32.896 you need to be thinking creative , we 45:32.896 --> 45:34.951 can't do things the same way . We've 45:34.951 --> 45:37.007 been doing them all these years . So 45:37.007 --> 45:39.062 we're looking for who's creative and 45:39.062 --> 45:41.285 how they approach , say an A to or an A 45:41.285 --> 45:43.209 I or language model . Um And then 45:43.219 --> 45:45.386 critical thinking , of course , that's 45:45.386 --> 45:47.275 another thing we look for . So um 45:47.275 --> 45:49.608 looking for talent coming out of school , 45:49.608 --> 45:51.941 we're looking for , what's the judgment , 45:51.941 --> 45:54.163 what's the ability to think through a , 45:54.163 --> 45:56.386 a problem ? Uniquely . And originally , 45:56.386 --> 45:59.090 so I'm also very passionate about this 45:59.100 --> 46:01.709 topic . So um we'll move to the next 46:01.719 --> 46:04.070 question . Um How does collaboration 46:04.080 --> 46:06.139 with educational institutions and 46:06.149 --> 46:07.705 industry groups address the 46:07.705 --> 46:10.340 cybersecurity skills gap and workforce 46:10.350 --> 46:13.330 development over to Erica ? Sure . So I 46:13.340 --> 46:16.080 think very specific example um because 46:16.090 --> 46:18.257 there are lots of programs and there's 46:18.257 --> 46:20.368 local communities . And so I think we 46:20.368 --> 46:22.590 are empowered locally to find those and 46:22.590 --> 46:24.701 to use those to our advantage . So we 46:24.701 --> 46:26.812 had a couple D A OS that said , hey , 46:26.812 --> 46:29.034 we've got um University of Texas at San 46:29.034 --> 46:28.570 Antonio . 
They've got a National 46:28.580 --> 46:30.691 Security Coordinations Center . We've 46:30.691 --> 46:32.860 got the 16th Air Force um academic 46:32.870 --> 46:35.092 engagement office . We've got a viceroy 46:35.092 --> 46:36.981 program at the dod that will fund 46:36.981 --> 46:38.926 interns , a premier college intern 46:38.926 --> 46:40.870 program . So like a OK , we've got 46:40.870 --> 46:42.814 programs , we've got collaboration 46:42.814 --> 46:45.037 centers , let's use it . Um And so they 46:45.037 --> 46:47.037 use it . We've had two interns that 46:47.037 --> 46:49.148 have graduated through that program . 46:49.148 --> 46:48.695 They're coming back in the fall uh 46:48.705 --> 46:51.064 funded through Viceroy , another intern . 46:51.205 --> 46:53.445 Um they are trying to solve generic 46:53.455 --> 46:55.715 theoretical problem solving for us on 46:55.725 --> 46:57.935 some real hard problems . How do we do 46:57.995 --> 47:00.614 you know NRMF for A I , how do we solve 47:00.625 --> 47:02.792 that ? How do we work that into legacy 47:02.792 --> 47:04.847 problems ? Um And so , and it's also 47:04.847 --> 47:07.014 driving them towards Air Force careers 47:07.014 --> 47:08.847 and , and so it's helping them , 47:08.847 --> 47:10.958 helping us with attrition and helping 47:10.958 --> 47:13.125 them with careers and recruitment . Um 47:13.125 --> 47:12.959 And so just making sure that , you know , 47:12.969 --> 47:14.747 we're looking at how to utilize 47:14.750 --> 47:16.972 programs that are already available and 47:16.972 --> 47:19.194 knowing that we're empowered to do that 47:19.194 --> 47:21.194 locally . Yeah , that makes sense . 47:21.194 --> 47:23.530 Julie . Yeah . So at the agency , our 47:23.540 --> 47:26.030 uh National Cry Cryptologic University 47:26.040 --> 47:28.620 has a set of academic liaisons . I 47:28.629 --> 47:30.685 happen to be the academic liaison to 47:30.685 --> 47:33.570 Johns Hopkins University . 
And uh we go 47:33.580 --> 47:35.899 out to the universities and give talks 47:35.909 --> 47:38.020 to their different , uh , groups on a 47:38.020 --> 47:40.209 variety of topics . Um , but we also 47:40.219 --> 47:42.850 internally do a number of different 47:42.860 --> 47:44.909 activities , uh , such as support 47:44.919 --> 47:46.475 hackathons at the different 47:46.475 --> 47:48.530 universities . I've actually gone to 47:48.530 --> 47:50.863 one of the ones not down at San Antonio , 47:50.863 --> 47:53.070 but at college station or a hackathon 47:53.080 --> 47:55.689 and be a judge for that . Um , we 47:55.699 --> 47:58.169 provide Capstone Project topics to the 47:58.179 --> 47:59.901 universities as well for their 47:59.901 --> 48:02.239 different classes and then something 48:02.250 --> 48:05.540 else that was internal is uh we sponsor 48:05.610 --> 48:07.666 the Code Breaker challenge . I don't 48:07.666 --> 48:09.888 know if you've ever seen that out on uh 48:09.888 --> 48:11.999 the internet , but it's our way of uh 48:11.999 --> 48:13.943 trying to reach out to the college 48:13.943 --> 48:16.166 students . We come up every year with a 48:16.166 --> 48:17.999 different uh theme topic that is 48:17.999 --> 48:20.166 similar to something you might work on 48:20.166 --> 48:22.332 at the agency if you were to come work 48:22.332 --> 48:24.499 for us and it has different components 48:24.499 --> 48:26.166 of , you know , doing reverse 48:26.166 --> 48:28.166 engineering , cryptanalysis , maybe 48:28.166 --> 48:30.277 some language aspects to it as well . 48:30.277 --> 48:32.110 And that challenge starts at the 48:32.110 --> 48:34.277 beginning of the school year . It runs 48:34.277 --> 48:36.221 through about January time frame . 48:36.221 --> 48:38.277 There's a leader board out there and 48:38.277 --> 48:40.221 the colleges actually like kind of 48:40.221 --> 48:42.221 compete against each other . 
When I 48:42.221 --> 48:44.332 first joined this uh activity earlier 48:44.332 --> 48:46.443 on , we , we would burn a CD and take 48:46.443 --> 48:48.610 it out to each of our universities and 48:48.610 --> 48:48.570 hand it out and let them give it to the 48:48.580 --> 48:51.919 students . And , uh , Johns Hopkins 48:51.929 --> 48:53.985 said to me at one point , well , how 48:53.985 --> 48:55.929 are we doing against all the other 48:55.929 --> 48:57.929 universities . And so we decided to 48:57.929 --> 49:00.040 automate it and put this leader board 49:00.040 --> 49:02.207 up . And so then they were like trying 49:02.207 --> 49:01.360 to compete against all the other 49:01.370 --> 49:03.592 colleges . Something that's interesting 49:03.592 --> 49:05.814 if you look at that leader board though 49:05.814 --> 49:07.926 is that you'll see there are students 49:07.926 --> 49:10.699 at colleges , you would never think of 49:10.709 --> 49:13.530 being centers of excellence on 49:13.540 --> 49:17.040 something . And so I think it was , um 49:18.330 --> 49:21.810 uh was it like the North Dakota College 49:21.820 --> 49:25.070 of Mining or something was way high on 49:25.080 --> 49:26.969 our leader board ? And one of the 49:26.969 --> 49:29.024 things we also do is if the students 49:29.024 --> 49:30.747 complete all the phases of the 49:30.747 --> 49:33.199 challenge , uh then our hr folks 49:33.209 --> 49:35.709 actually go out and if they're not a 49:35.719 --> 49:38.280 foreign national um offer them a job . 49:38.570 --> 49:40.459 So that's one way we're trying to 49:40.459 --> 49:42.292 target uh the students and we've 49:42.292 --> 49:44.459 actually had high school students that 49:44.459 --> 49:46.681 participated in this as well . So we're 49:46.681 --> 49:48.959 seeing it at a younger and younger age , 49:48.959 --> 49:50.737 them getting into more and more 49:50.737 --> 49:52.959 activities that actually support this . 
49:52.959 --> 49:54.959 So , you know , reaching out to our 49:54.959 --> 49:54.860 universities . I'm also on the Johns 49:54.870 --> 49:57.080 Hopkins , uh engineering for , for 49:57.229 --> 49:59.285 engineering , for professionals , uh 49:59.285 --> 50:01.340 computer science and cyber security 50:01.439 --> 50:03.560 board . And so every year we meet and 50:03.570 --> 50:05.681 kind of go over what their curriculum 50:05.681 --> 50:07.903 is and I can give them some pointers as 50:07.903 --> 50:10.237 to , hey , you know , A I is really hot . 50:10.237 --> 50:12.403 We need somebody , you know , I know , 50:12.403 --> 50:14.570 you know , a A I is hot but you know , 50:14.570 --> 50:14.360 here are kind of the topics that we're 50:14.370 --> 50:17.250 looking for , um , or different aspects 50:17.260 --> 50:19.482 of cyber security so we can help tailor 50:19.482 --> 50:21.330 the curriculum and , and get the 50:21.340 --> 50:23.507 students prepared to come in when they 50:23.507 --> 50:26.280 graduate . Yeah . Um , in fact , Cyber 50:26.290 --> 50:29.010 Patriot , uh , just happened a few days 50:29.020 --> 50:31.076 ago and that's a high school program 50:31.076 --> 50:32.964 for , um , what , what Julie just 50:32.964 --> 50:35.131 described . So , yeah , we're active . 50:35.131 --> 50:37.131 Um , I think we need to do more . I 50:37.131 --> 50:39.131 don't , I don't , I don't know what 50:39.131 --> 50:39.010 that more looks like , but if I was 50:39.020 --> 50:40.964 putting something out there in the 50:40.964 --> 50:43.187 universe , um definitely more about the 50:43.187 --> 50:45.076 pipeline and bringing high school 50:45.076 --> 50:47.242 college students along . Um , not just 50:47.242 --> 50:49.464 with the solid cybersecurity itself but 50:49.464 --> 50:51.810 more of the well rounded um being able 50:51.820 --> 50:54.500 to think , um , as we do cybersecurity 50:54.510 --> 50:56.919 moving forward . 
So , and actually 50:56.929 --> 50:59.469 yesterday I had a , a teams call with 50:59.479 --> 51:01.979 Hopkins and our African American , er , 51:01.989 --> 51:04.830 g was looking to participate in 51:05.060 --> 51:07.227 something that Johns Hopkins sponsored 51:07.227 --> 51:09.949 called the uh hack for Good um 51:09.959 --> 51:12.409 Baltimore . And so they , they reach 51:12.419 --> 51:14.530 out to several high school groups and 51:14.530 --> 51:17.110 so our er , g group has been working 51:17.120 --> 51:19.342 with some high schools , they wanted to 51:19.342 --> 51:21.509 see how they could get involved in the 51:21.509 --> 51:23.731 hackathon and , you know , spur on more 51:23.731 --> 51:26.469 uh stem role positions in those schools 51:26.479 --> 51:30.479 and , yeah . Very good . Very good . Ok . 51:30.489 --> 51:34.060 So we have time for maybe a question or 51:34.070 --> 51:37.620 two . It's got about 10 minutes . So I 51:37.629 --> 51:39.899 can't really see , do we , is someone 51:39.909 --> 51:42.139 fielding questions for us ? 51:48.459 --> 51:51.360 Oh , here comes one . Maybe the micro . 51:52.060 --> 51:55.159 Ok . All right . Uh , oh , here we go , 51:57.100 --> 51:59.267 po ratings . Anybody got a good joke ? 52:02.080 --> 52:05.080 No , a bunch of Csos walk in a bar 52:07.419 --> 52:10.540 check . All right . So this one's for 52:10.550 --> 52:13.939 Erica . Um , so I'm ever , I'm a PM 52:13.949 --> 52:17.459 for , uh , the offensive cyber branch 52:17.469 --> 52:20.500 for the Air Force . So we've been doing 52:20.510 --> 52:23.060 a lot of consolidation of baselines to 52:23.070 --> 52:25.020 best of breed components . I'm 52:25.030 --> 52:27.179 specifically wondering what are the 52:27.189 --> 52:29.520 risks involved of going to best of 52:29.530 --> 52:31.586 breed components ? And the fact that 52:31.586 --> 52:33.641 there's a lack of diversification in 52:33.641 --> 52:35.308 baselines . 
So is the lack of 52:35.308 --> 52:37.530 diversification of baseline , something 52:37.530 --> 52:41.479 that's looked at in risk as well ? Yeah , 52:41.489 --> 52:43.699 you keep me with the offensive cyber 52:43.709 --> 52:45.765 and now I'm thinking title 50 IC and 52:45.765 --> 52:47.709 trying to connect those dots , but 52:47.709 --> 52:49.265 you're really talking about 52:49.265 --> 52:52.379 programmatic spo baselining , sharing 52:52.389 --> 52:55.889 of baseline risks . Um is , yeah , so 52:55.899 --> 52:58.121 this is might be a back and forth . I'm 52:58.121 --> 53:00.010 trying to , trying to make sure I 53:00.010 --> 53:02.770 understand your question . Um Is it the 53:02.780 --> 53:05.750 threat of that baseline being 53:06.050 --> 53:09.050 exploited and then someone being able 53:09.060 --> 53:11.282 to use that ? Ok . So maybe this is dev 53:11.282 --> 53:14.290 low push , high kind of questions ? 53:14.939 --> 53:17.106 Yeah . And so then that goes into that 53:17.106 --> 53:19.161 shared terrain where we need to work 53:19.161 --> 53:21.328 directly with those program offices on 53:21.328 --> 53:23.495 what , what is your mission ? What are 53:23.495 --> 53:25.550 you working on ? What impact is this 53:25.550 --> 53:27.550 going to have ? What classification 53:27.550 --> 53:29.772 should it be should it be air gaps when 53:29.772 --> 53:31.939 we push it up , how do we protect it ? 53:31.939 --> 53:33.995 How do we control it looking through 53:33.995 --> 53:35.995 each of those controls ? And so one 53:35.995 --> 53:38.050 thing that we're looking at going um 53:38.050 --> 53:40.106 doing is that Izzy as a service . 
So 53:40.106 --> 53:42.161 having like standardized engineers , 53:42.161 --> 53:44.217 security engineers that can actually 53:44.217 --> 53:46.217 through the discuss up front , work 53:46.217 --> 53:48.439 directly with program offices and poses 53:48.439 --> 53:50.217 to one help with investment and 53:50.217 --> 53:52.272 architectural decisions as we try to 53:52.272 --> 53:54.050 move everybody to a more mature 53:54.050 --> 53:56.161 environment . But also help the while 53:56.161 --> 53:58.106 you're in your engineering phase , 53:58.106 --> 54:00.217 what's really important to you , what 54:00.217 --> 53:59.989 is the critical thing ? How do we 54:00.000 --> 54:02.167 protect that ? And so I think that's a 54:02.167 --> 54:04.222 conversation like I said before , we 54:04.222 --> 54:06.389 have to have up front . And so I think 54:06.389 --> 54:06.159 that ISSE as a service that we can do 54:06.169 --> 54:08.391 as a consultant across our community is 54:08.391 --> 54:10.447 gonna hopefully get after that so we 54:10.447 --> 54:12.669 can protect some of our uh trades . You 54:12.669 --> 54:16.340 know , our programmatic decisions . Did 54:16.350 --> 54:18.683 I answer your question ? OK . Thank you . 54:19.129 --> 54:21.073 Thank you . All right . Do we have 54:21.073 --> 54:23.296 other questions ? I don't see . So I've 54:23.296 --> 54:26.860 got a question for also Erica , Erica , 54:28.409 --> 54:30.631 but it , it , it , it might not just be 54:30.631 --> 54:32.798 there with Erica , but I'd like to see 54:32.798 --> 54:34.909 what the other panels uh also have to 54:34.909 --> 54:38.750 say . So with you brought up A I and 54:38.760 --> 54:42.189 A IML in particular how RMF 54:42.199 --> 54:44.929 applies . The NIST 54:44.939 --> 54:48.909 1835 is bringing in ZT A 54:49.659 --> 54:52.149 and specifically mapping controls to ZT 54:52.159 --> 54:55.729 A or ZT . I wish NIST would 54:55.739 --> 54:59.330 finalize that document . 
However , what 54:59.340 --> 55:03.070 have you seen in particular , how 55:03.479 --> 55:07.340 specific mapping of controls have shown 55:07.350 --> 55:09.899 up with the A IML side of the house ? 55:10.110 --> 55:12.820 And what the 1835 has shown ? 55:15.020 --> 55:17.187 Does anybody else want this one ? I'll 55:17.187 --> 55:20.449 let you go first . Thank you . So I 55:20.459 --> 55:22.626 think specifically with A I and you're 55:22.626 --> 55:24.570 looking at automation , there's al 55:24.570 --> 55:26.848 there's humans behind it , right ? The , 55:26.848 --> 55:28.570 the automation is , you know , 55:28.570 --> 55:30.515 statistics and making sure they're 55:30.515 --> 55:32.515 making decisions faster . Um And so 55:32.515 --> 55:34.626 looking back at it's a , it's still a 55:34.626 --> 55:36.403 risk decision , we just have to 55:36.403 --> 55:38.403 automate that decision . So what is 55:38.403 --> 55:40.403 that process that we can automate ? 55:40.403 --> 55:40.389 What are those de decision points and 55:40.399 --> 55:42.455 trigger points that we can have some 55:42.455 --> 55:44.566 confidence ? I think somebody earlier 55:44.566 --> 55:46.566 um within this conference said it's 55:46.566 --> 55:48.566 about that confidence of data , the 55:48.566 --> 55:50.989 confidence of the process . So can we 55:51.000 --> 55:53.050 start looking at um 55:54.830 --> 55:56.979 accepting risk for a process or for a 55:56.989 --> 55:59.600 decision or for an automated um a 55:59.610 --> 56:03.300 trigger point that can get to doing 56:03.310 --> 56:06.090 RMF for A I faster now , going back to 56:06.100 --> 56:08.044 the N controls and putting this in 56:08.044 --> 56:10.044 process . Um I think we're going to 56:10.044 --> 56:12.378 have to use right now with what we have . 
56:12.378 --> 56:14.433 And if there's other folks that have 56:14.433 --> 56:16.267 more , you know , experience and 56:16.267 --> 56:18.433 further along , we don't have to do it 56:18.433 --> 56:20.600 alone , we can go get help . Um I know 56:20.600 --> 56:22.966 that our , our CIO Colonel M Jesse is 56:22.976 --> 56:26.315 also our AO and is , you know , super 56:26.325 --> 56:28.492 good at building those connections and 56:28.492 --> 56:30.492 working with AFRL and working with 56:30.492 --> 56:32.603 those folks that understand A I . And 56:32.603 --> 56:34.492 so instead of my office trying to 56:34.492 --> 56:36.658 figure out how to do it alone can work 56:36.658 --> 56:38.769 with those that have expertise to try 56:38.769 --> 56:38.461 to figure this out for the community . 56:38.471 --> 56:40.582 Um So if you have expertise since you 56:40.582 --> 56:42.693 brought up the problem , if you could 56:42.693 --> 56:44.860 help us solve the problem , that would 56:44.860 --> 56:44.511 be fantastic . And uh just give me your 56:44.521 --> 56:47.261 card . I appreciate that and question 56:47.271 --> 56:49.438 if you had the magic wand , would that 56:49.438 --> 56:52.552 be an overlay or an addendum of 56:52.562 --> 56:54.872 controls ? It would be automated ? OK . 56:55.261 --> 56:57.428 Right . So , I mean , looking at China 56:57.428 --> 56:59.539 how to build the process automate the 56:59.539 --> 57:01.594 process , have those policy decision 57:01.594 --> 57:04.389 points built in that we can trust . So 57:04.399 --> 57:06.455 we don't have security controls that 57:06.455 --> 57:08.621 somebody is going and doing this for . 57:08.621 --> 57:10.510 We build it in up front , put the 57:10.510 --> 57:12.677 policy decision points and enforcement 57:12.677 --> 57:14.788 points into our architecture and then 57:14.788 --> 57:16.899 monitor that . That's , that's what I 57:16.899 --> 57:19.800 would want . Thank you . 
I thought that 57:19.810 --> 57:21.588 was a good answer . I would say 57:21.588 --> 57:23.588 something similar . Um We have some 57:23.588 --> 57:25.810 precedents with def ops kinds of things 57:25.810 --> 57:27.866 as well where we're not looking at , 57:27.866 --> 57:30.088 you know , specific controls and static 57:30.088 --> 57:32.254 in time kinds of decision making , but 57:32.254 --> 57:34.421 rather looking at the process uh and , 57:34.421 --> 57:36.310 and the security , looking at the 57:36.310 --> 57:38.254 security process and being able to 57:38.254 --> 57:40.479 authorize that piece . Um So not always 57:40.489 --> 57:42.656 just going right to the control . So I 57:42.656 --> 57:44.656 appreciated how you answered that . 57:44.656 --> 57:46.649 Yeah , I might go out on a limb a 57:46.659 --> 57:49.149 little bit here and sort of add a voice 57:49.159 --> 57:51.750 track as we talk about the NIST 57:51.760 --> 57:54.459 framework and the concept of the 57:54.469 --> 57:57.060 security controls and , and as they 57:57.070 --> 58:00.600 exist um in there , um I , I think 58:00.610 --> 58:02.909 volume is the right word that comes to 58:02.919 --> 58:06.260 mind . Um I think it's super 58:06.270 --> 58:09.139 important . Um You know , I was part of 58:09.149 --> 58:10.939 the team that transitioned our 58:10.949 --> 58:14.149 community from um the old I CD 58:14.159 --> 58:17.860 116 to 63 . And of course , now , uh 58:17.870 --> 58:20.709 the 503 framework which embraced that 58:20.719 --> 58:23.070 NIST RMF fabric . 
And while it's 58:23.100 --> 58:25.899 exceptionally well defined in great 58:25.909 --> 58:28.850 detail , I also think it represents a 58:28.860 --> 58:31.550 unique challenge in that many folks in 58:31.560 --> 58:33.409 this business with the kind of 58:33.429 --> 58:35.810 engineering brains that folks have will 58:35.820 --> 58:39.110 go into those policies and the fabric 58:39.120 --> 58:41.300 of those security controls with what I 58:41.310 --> 58:43.810 would say , a mindset of compliance . 58:44.070 --> 58:46.530 Um And we talked about , we heard the 58:46.580 --> 58:49.270 topic about , you know , this broken 58:49.280 --> 58:52.219 RMF process and , and , and what the 58:52.229 --> 58:54.320 voice track I'd be compelled to give 58:54.330 --> 58:57.239 when you're looking at the NIST fabric , 58:57.340 --> 58:59.669 right ? Our adoption , that is a 58:59.679 --> 59:01.679 reference point , right ? There's a 59:01.679 --> 59:03.800 certain aspect of controls that we 59:03.810 --> 59:06.300 would see most critical or more 59:06.310 --> 59:08.889 critical as opposed to this pursuit of 59:08.899 --> 59:12.389 compliance that sometimes many times 59:12.489 --> 59:15.510 can get in the way of our speed and 59:15.520 --> 59:18.000 ability to deliver critical capability . 59:18.129 --> 59:20.296 So this is where the critical thinking 59:20.360 --> 59:23.110 skill is really important to have that , 59:23.459 --> 59:25.515 you know , engineering skill and the 59:25.515 --> 59:28.459 ability to interpret those library of 59:28.469 --> 59:31.760 controls and come to that balance of 59:31.770 --> 59:34.040 the application of them to provide what 59:34.050 --> 59:37.399 we would want to see is a properly 59:37.409 --> 59:40.459 balanced risk pitch . As we're trying 59:40.469 --> 59:42.989 to deliver capabilities . 
In many cases , 59:43.000 --> 59:45.310 we hear the horror stories of programs 59:45.320 --> 59:47.629 that are struggling in meeting the full 59:47.639 --> 59:50.169 depth of controls and in many of those 59:50.179 --> 59:52.330 cases haven't had those upfront 59:52.340 --> 59:55.250 conversations so that we can help 59:55.500 --> 59:58.159 ensure that you understand in that full 59:58.169 --> 01:00:00.969 library of what those publications may 01:00:00.979 --> 01:00:03.989 say , it's all about what unique 01:00:04.000 --> 01:00:06.699 mission capability or what sensitivity 01:00:06.709 --> 01:00:09.850 of information you're handling as well 01:00:09.860 --> 01:00:11.749 as the criticality of need on the 01:00:11.749 --> 01:00:13.919 mission space . It becomes a 01:00:13.959 --> 01:00:17.189 negotiation in each of those instances . 01:00:17.449 --> 01:00:19.671 So it's super important , you know , we 01:00:19.671 --> 01:00:21.919 like to say the process is broken or it 01:00:21.929 --> 01:00:23.929 wasn't this way I came through last 01:00:23.929 --> 01:00:27.280 time , all those variables matter in 01:00:27.290 --> 01:00:29.020 the proper application of that 01:00:29.030 --> 01:00:31.197 framework or the proper application of 01:00:31.197 --> 01:00:33.363 security controls , whether they be in 01:00:33.363 --> 01:00:35.474 a overlay , construct , addendum , et 01:00:35.474 --> 01:00:37.350 cetera . You can't take out the 01:00:37.360 --> 01:00:39.879 critical thinking skill needed to find 01:00:39.889 --> 01:00:42.209 that right balance in your unique 01:00:42.219 --> 01:00:44.163 situation , your capability , your 01:00:44.163 --> 01:00:46.610 mission space . And that brings us full 01:00:46.620 --> 01:00:48.453 circle . That's exactly where we 01:00:48.453 --> 01:00:50.564 started with the shifting of the ciso 01:00:50.564 --> 01:00:52.731 role over the years . 
And uh it's been 01:00:52.731 --> 01:00:54.731 going on for a while now is to move 01:00:54.731 --> 01:00:56.620 from this compliance way of doing 01:00:56.620 --> 01:00:58.731 things to a more um making trade offs 01:00:58.731 --> 01:01:00.953 and being able to pull out what are the 01:01:00.953 --> 01:01:02.898 most important things , you know , 01:01:02.898 --> 01:01:05.064 given the horizon and looking over and 01:01:05.064 --> 01:01:07.287 looking at her series and being able to 01:01:07.287 --> 01:01:09.453 say these five things or what or seven 01:01:09.453 --> 01:01:12.034 things are more important than the rest 01:01:12.044 --> 01:01:14.405 of the tomes that we have . For example , 01:01:14.465 --> 01:01:16.521 that is one of the skills that we're 01:01:16.521 --> 01:01:18.465 trying to teach others . Um moving 01:01:18.465 --> 01:01:20.354 forward . So with that , I really 01:01:20.354 --> 01:01:22.576 appreciate everybody's time and I think 01:01:22.576 --> 01:01:25.125 we are wrapping it up . Thank you . 01:01:52.989 --> 01:01:54.767 Thank you , Miss and all of our 01:01:54.767 --> 01:01:57.100 panelists for that important discussion . 01:01:57.100 --> 01:01:59.211 Next , we will take our final exhibit 01:01:59.211 --> 01:02:01.320 hall and networking break . Please 01:02:01.330 --> 01:02:03.219 swing by and check out all of the 01:02:03.219 --> 01:02:05.219 amazing vendors downstairs and meet 01:02:05.219 --> 01:02:06.629 back here promptly at 1500 .