Competitions & Competencies: or “How to Hack your way into the Cyber Workforce!” - Chip Thornsburg

you need a button Meer what you need a butt [Music]

me it's so funny we brought one of these like I got one in my bag two things I need one of these to talk and I need something to stand on to keep me from wandering too far the microphones and all right ready I'm ready want me introduce you or we're not gonna have music I don't get to run out nothing like that uh Hey everybody Welcome to bsides 2024 this is the in the clouds track and my name is Chip thornsburg so uh we're going to talk about competitions and competencies uh subtitle there how to hack your way into the Cyber Workforce um we're going to talk a bit about the cyber Workforce shortage I'm sure if

you're looking for a job or if you're in school you continually hear these figures so we're going to talk about how real those actually are we're going to talk about skill gaps uh the role of work roles two roles there uh competitions employer attitudes about those competitions and then a couple of tips for upskilling uh if you're trying to move into the field of cyber security um so I am the uh program coordinator for cyber defense at Northeast Lake View College so one of the community colleges one of the Alamo District colleges we are up um Kittyhawk and 1604 on G the north east side of town appropriately named um I've been in this game for a long time uh means I'm

old right so uh first tech company 96 uh I'm still actively a peace officer and do electronic crimes investigations uh part of the Secret Service uh electronic craft task force uh and the regional ransomware response teams um that that work out of South Texas um have taught it various places um actually have some formal education too um so my first hack using something like this 1982 and that was Angelo State University because way back in the day none of you would know this but they had this amazing Star Trek game um that you could play right if you could find it in their system um and that's you know so trying to get into that Mainframe was a

was kind of a big big thing and just to talk about that subject right how to hack your way into the career field back in the day so back then in 1982 it wasn't even against the law to break into a computer system yet um nowadays it absolutely is so and and so if you find yourself thinking about hey I just need to do an unscheduled pentest of a company and then they're going to want to hire me those days are long past um what you'll do is you'll break in then you'll disclose everything and then they'll turn it over to the FBI and you'll wind up doing the per walk right and so two really big examples of

that so Marcus Hutchinson uh if you've ever read that story it's pretty interesting so here's a guy who literally single-handedly saved the internet from a really nasty worm that was running around and then he turns around and gets arrested by the FBI uh and if you're not familiar with Aaron Schwarz that's another great um story so two brilliant brilliant people that wound up getting sideways with law enforcement and at one point I mean it Aaron it cost him his life he committed suicide over the whole thing so um that is not the path to go down anymore so enough of that stuff so we see this all the time right 4 million is the new expect right

so they're 4 million unfilled cyber security jobs in the profession and we see help wanted right cyber security specialist and so then where's my job um if there's 4 million unfilled positions out there why do we have such a struggle breaking into this job field and so that's really what we're going to spend some time on today so um the ISC squar reports that there are 5.5 mil million people in the cyber security Workforce that's Nationwide or excuse me I said that's worldwide so if they're saying there's 4 million unfilled jobs so somewhere these numbers don't exactly match up because we're talking about we need to basically double our existing Workforce so 50% of the jobs that are

out there are unfilled and that's not probably reality um in 2022 there were 40 four 440,000 new jobs created um 43% of employers though and this is a big thing this is sort of one of our our main themes right report there's a significant skills Gap they need people to be able to do a certain thing and they can't find talented talented people um 75% say that is a considered a most challenging threat to their uh success as a company this this skill Gap um 22% of companies reported layoffs in 2022 of cyber security people that's better than the average tech company because 51% of those were laying people off we've seen big right Google act a bunch of people

Amazon I mean we we've seen those things happen and again that if we have four million unfilled jobs why are we laying people off and so a lot of that has to do with the skill sets that they're looking for that they need to fill um 30% of companies are expecting budget cutbacks and so we talk about trying to break into the field there's always this conversation about which is more important experience or education um right we see that right how many people are doing a four-year or have a four-year degree in cyber security is okay so that's always sort of a challenge for us is to say wait if I've got my degree does that open the

door for me and the answer is sort of um at senior level positions 86% of the people responding to these say they want experience only 14% say yeah we want somebody with a PhD so getting your PhD in cyber security might not be unless you're in Academia right that that might not be the best use of your funds or time entry level positions 70% prefer experience only 30% prefer a bachelor's degree but then we get into that how's how is it entry level if I have to have experience and so it's not just work experience we're going to talk a bit about that too so interactive portion why do companies hire someone it's okay to yell back at me

[Music] of some sort they need somebody to do a thing right we need this task completed we need somebody to do this thing that's why they're hir that's why they're hiring and so they do the job post right so outcomes a cyber security job post and here's this new unfilled position and it's entry level but we still might want all of these things and then immediately here come all of the cyber security applications that come in because every person out there in the job Force knows that if you want to make money this is one of those fields where people get paid a lot of money and so it is not unheard of for even small

companies to get four or 500 applications resumés come in for one position that's locally that happens when you talk about National companies they can go up into the thousands of applications coming in right for that one position they're trying to fill so if you're not familiar there is a tool that was created by the federal government it's called the uh cyber careers pathway tool Google that if you are looking to jump into the job market because this lists out every one of the federal job titles and it's cool we can't really do interactive in here but when you hover over one of those it shows you these are the jobs that feed into that and these

are the jobs that come after that so you can see where it fits into this kind of the Ecology of a of a career field that's what it's designed to do if you click on any one of them it will show you all the related job titles that are with that and then you can look at the specific tasks and it says so as a cyber defense analyst one of the tasks is develop content for cyber defense tools analyze Network traffic identify anomalous activity so it lists all of those things out so if you're applying for a position as an analyst this is what that position needs to be able to do and it also does

knowledge and skills and abilities list those so you can see exactly what that position needs for you to be successful and you can sort of compare and contrast your current skill set your experiences and how those line up with that particular job um brand new that they just came out so the bottom one down here was says micro challenge it's actually an interactive little competition if you will if anybody's ever done hack the box or some of the other competi we're talk about those this this is what that is it's a little here's what you would have to do and it presents you a little sort of a taste of this job and if you can

complete that micro challenge pretty easily that's a pretty good indication that you have the skill set to perform that particular job function so that's a new thing they put out it's really pretty cool they haven't been very clear about how they're uh collecting the data on that my sense is so someone at some point is they're looking at people going through those things and identifying potential candidates um that is something that large scale employers particularly federal government have been known to do in the past so we talked about that education versus experience and then I'm going to throw in the third part versus skills right so these are the kind of the three overlapping areas when it comes to

getting into the workforce itself and so in this little place where they all intersect we refer to that then as competencies right so it's all of your experiences your ability to perform that task remember that's why they did the job post in the first place we need someone to do this task right and so that little spot in there is where all of those things come together and hopefully you've developed competency in that particular task or area um for those who are working your way through a college program uh most all the schools now in San Antonio have the designation from the NSA as a center of academic Excellence or program of academic Excellence part of that

requirement um is that students be at least offered the opportunity to participate in competitions um and these these challenge type environments um the downside is there's no real definition of that and very little actual research is done um I joined up with Barbara huitt at Texas State and we said hey we're GNA we're going to do an actual academic study and figure out who which competencies are out or which competitions are out there how do employers view these things is it actually something worthwhile for our students to do and so we announced that at a meeting and then promptly uh Dan that's not really d that's really Dan but Dan jumps up and think says well what do you mean by

competitions there's all kinds of competitions like ah valid point Dan grumpy though you come across um the the Genesis of all of these competitions goes back to the military of all places um and this concept of War gameing so the military's long been known for that right we can't go out and use live ammunition and shoot at each other in order to train right that doesn't make sense it's dangerous duh it's expensive right and so they came up with things like tabletop exercises which there's another talk going on today about tabletop exercises I heard that's going to be a great one um the guy who kind of is the the uh father of that Modern War gaming is is a guy named

Peter PLA and he worked at the uh US Naval Institute for years and wrote a there's actually a big book when we talk about cyber security and cyber competitions kind of can point back and say those things started at Defcon hopefully you all heard of Defcon um out in Vegas and so this was hey we're going to present attendees of our conference this technical Challenge and we're going to see who can solve that challenge the fastest right or in the best Manner and so since that that's from the ' 80s right so since that lots and lots of competitions have been rolled out in a different uh sectors and Fields um if you are in San anonio by the way the

local defon groups are starting back up um so the last Thursday of the month uh and they're going to be held at Northeast Lake View uh on our campus out there as we're we're going to actually host them um to get that kick back off so um if you're interested in that those are great monthly meetings to come into so different types of competitions there's blue teams right so that's focused on network defense um most of those are system based running VMS uh you score points by reconfiguring or configuring in a secure manner um the goal is to practice that securing different systems and networks um they tend to be highly academic cyber Patriots imagine

everyone's heard of that one before uh there's also uh Hive storms so most of those are uh free U and they tend to be fairly academic oriented um on the on the blue team stuff um some red team right so the fun hacking stuff right we've got hack the Box try hack me there's some others that are out there so that is more uh we're going to put you in this virtualized private Network we're going to give you a series of targets you're going to try and figure out how am I going to compromise the system how am I going to break in how I'm going to so you earn the points by Pony right these different machines um

some of them are free a lot of them when you move beyond the basic level to subscription model um but still a great place to uh test out your skills uh there are some Hybrid models right so red versus blue where you've got two teams in opposition you've got a blue team running you've got a red team running so the big one is the uh Collegiate cyber defense competition the CCDC um that is a national competition a lot of universities here in town uh you'll see competing in that and so you have pentesters working at the same time you have people trying to secure the network so you're literally fighting off an adversary at the same time so

again um you award are awarded points by actively defending successfully like maintaining the security of your network while also compromising other people um and that's a a pretty robust that those are in person those are not virtuals um other types we have Capture the Flag so we'll hear that referred to sometimes as a jeffardy style you might have multiple categories of information that come out um many of these are work roll oriented so we talk about when I'm writing my resume or I'm looking at what tasks do I need to complete that work roll so if you're going to spend time competing and you have in your mind I want to work in this particular

field and you want to be a pentester then spending all your time in a blue team environment or pursuing blue team type certifications might not be the best way to spend your time right you would want to orient more towards team stuff um most all of these are very proprietary very closely guarded secret of how they're rolling amount um there are some free but a lot of them are uh have subscription they're generally fairly fairly cheap though so um the Sans holiday hack ch is very forensic oriented on that one super fun uh that one is free PCO CF is one that's out um one that we actually participate in pretty heavily uh is the national

cyberly so the national cyberly um has the uh categories for ENT password cracking cryptography Network traffic analysis digital forensic log analysis um and then uh also web application exploitation enumeration and scanning so all those are different categories that that students uh or competitors uh are placed into you're trying to side the challenge uh there's lots of uh great materials in that platform to learn because they provide you a a gym um with walkthroughs so if you don't know how to do that particular thing there they're going to give you a walkth through um and teach you how to do it um chew me on uh you can compete as an individual uh also as teams in that so

in that particular competition it's High School through graduate level and they're just starting to try and sort them out so you may have high school students competing against people that are in the field and and trying to pursue a master's degree all in the same environment and it's all about who does it quickly and most accurately that's how you're scoring those points um for the last two years running though a high school student won that competition in the individual right one we'll assume right because we don't want to feel bad about our own skills right we're going to say well he has all the time in the world he doesn't have a family and a job

and all the rest of the stuff but the the real takeaway is anyone can be successful and can be successful at whatever level they're at so even if you've never done competitions before starting and just learning how it works is a very important role it uh as a as a professor I couldn't give someone a a problem and say Hey I want you to spend the entire weekend trying to solve this problem for my class and you're going to get a grade next week because they're going to go yeah hard pass pal I got things to do I got to take my goldfish for a walk I got other things right but in a competition

environment that's 56 hours and a lot of students are in that they might get four hours sleep the entire weekend right because they are grinding away trying to solve that and so that competitiveness really comes out it's a very interesting thing um our particular school so this is not just a cool looking Jersey right so the nigh hacks that is our um competition team and and Lake View uh because we're Community College right so we don't have great basketball teams and the rest so they treat our hacking team our competition team like a sports team there so they all have um this is a a school issued Jersey um hacker handle on the back right we wouldn't want anything

boring like your regular name um so it's a it is a fun and and work wild thing so the real question is what do companies think about this right so the NSA thinks it's a great idea academics are like oh this is going to be amazing and again who cares right what do hiring managers what do people who run these companies what do they actually think about this um are they really a measure of Competency and the answer is yes um so we surveyed um first uh about a hundred hiring managers and then we came back and we didn't like those responses we were like that that seems oddly like supportive of this whole thing and so we turned around and and uh

surveyed another 60s something cios and cesos using the same same questions um when we aggregate um 58% were very familiar with this cyber comp comptition of different types 11% actually had participated in them themselves um so these are fairly high level managerial type so that helps us when they start looking at resumés um How likely were you uh would you be to consider uh competing right as a raise as promotion uh or in some form of recommendation um 23% of those people said yeah they would treat that as as favorable so even if you're working uh existing employers say hey you did something you went out of your way you're trying to better yourselves we recognize that's something that's

important we want to support that as a as a company when we talk about people trying to break in right so for applicants or intern applicants does your company consider participating a valuable experience 92.6 that was the that was the figure that threw us off we're like it can't be that High um and it was among both of those groups it's really that high 90 plus% of these managers hiring managers cios C so say this is valuable experience so when we talked about experience and education and skills it's not just work experience if you can document on your resume I did this thing right in this context here's what I did that's what they're looking

for on the resume and that's how you separate out from the other 500 resumés that hit their inbox when they post these positions oops um 60% said they have hired people that on their resume was yes they were listing on there that they were competing in these types of events so we ask about resume statements right which is which sort of um is is more important to them participating as a team or participating an individual um we had the assumption that it would be teams right so competing is a team because cyber security is absolutely a team sport right you you have to be able to communicate with other people you got to be able to work with people even

though you don't like them um you may not like them I shouldn't say right you got to be friendly you got to get along and the employers actually came back and went we're more impressed when someone does it individually because they're taking that initiative we assume right the answer is you're taking initiative to uh improve your skill set and so that tends to hold a lot of weight that along with things like creating a I have run a test Network at home so I can test these things which we can all do virtually now it's it's fairly cheap back in the day you were trying to buy surplus equipment um and and having pieces of stuff all strung through your

house uh it's much easier these days to do things like that um so the long and the short add competitions to your resume um how many people have done competitions before and so all the rest of you should as well um how many of you have that on your resume oh that's pretty good for you good job um all the rest of you need to put it on your resume because again this is something to differentiate you from all of those other places yes sir we were just talking about how we want to start looking for these things in in the applicant we're looking at because we do value I mean all those numbers your

career we value skills over and experience over education we definitely value death Conor of major competitions whether team or individual I I don't personally care but fact that they're on your resume is something really nice to see it's there's a big part of that so um there's this weird dynamic you know that is do we're going to help you write your resume because well you've got a degree we're going to help you and so you wind up on well I have knowledge of this and I have knowledge of that it's like okay I mean I I I've seen very high I wind up doing a lot of hiring for um for Alamo Colleges in the technical

field just based on my background and I've seen people applying for director jobs like and it you know have knowledge of Microsoft Office Products I'm like so does every third grader right so good for you um and and again you need to we we want to differentiate ourselves from all of those other applicants and this is a good way to do it it really is uh because it's something that's um abstract and it is um it's you can validate it as an employ right so your uh most all of those have um scouting reports or some sort of and right so you you'll have some sort of documentation that says you did this thing in x amount of time restored this

level or you've got this ranking um there are people on hack the box that are making tons of money right because they're ranking in that I don't know last time I looked 350,000 people in that platform or something right so if you're in the top 50 guys um out of 350 you know what that's some mad skills um and so if it's applicable to the work worldle I I apologize I missed the intro uh do you have a breakdown on offensive versus defensive competitions traditionally towards the offensive sign um uh we did so um I I will make the slide deck available I I think we have the ability to do that I'll make the

slide deck available so yeah I actually list out blue team red team red versus blue so yeah we there are some of those so um here's some of the high so talk about upskilling um here are some of the high demand um skills that employers are looking for um anything with incident response um whether or not it's the reporting part or it is the um compliance issues of right look are we meeting the compliance issues for this regulatory framework um that is a big big skill that's in demand now and we have this conversation a lot with students so um how many people have ever worked fast food oh come on now so how many of you think that fast

food putting that on your resume is applicable for cyber security one so let me ask you this when you worked in that did you have a checklist of things that you had to run down every single opening and closing and everything that you did yes you did because everybody that is no different than the nist checklist that we have right that is that is no different than the checklist that you're going to run down for the uh so the the one that's rolling out now right the cyber security maturity model that that's being rolled up right having that concept of I have this checklist and it's not always just do this thing right turn off this thing

it's more generalized but having that ability to do that yeah that's that's actual valid experience um for that so that's a a big thing so even if your technical skills aren't super high that's more of a soft skill a managerial level thing but having the ability to look at a compliance framework and then figure out how does this apply in our current environment that's a huge skill and get paid fairly well um really specialized stuff memory forensics um Network traffic analysis if you starting to get in that a lot of those uh competitions will do that so get good at Network Miner get good at wire shark get good at some of those things um th those are really really in

demand skills not a lot of people people spend the time most academic programs you're just getting a big right it was one slide in one presentation and we talked about that well okay that's great but actually using it and and playing around and taking a network uh a pcap file and carving out a malicious file right and then starting to work through that reverse engineering thing that is a super high skill level and you don't have to spend a lot of money to learn it there's tons of video out there there workshops I think there might be I think there's going to be a run Workshop here on on some of the malware analysis RSE

engineering so these are great places to to start building those skills um let in there malware analysis so uh if you're not a super great coder that's okay you don't have to be right but if you have the ability to just generally look at that and then start figuring out here's how it works here's what it's doing determining those indic ators of compromise we're putting twoyear students that are really in internship so a year and a half long students in the Cyber defense we put them in with a local employer and that's what they're doing they're doing threat hunting and they're determining what are the indicators of compromise and then that company's pushing that out to 70

other so it's not something you need to have a PhD to be able to figure out it's there it's just about practicing and competition are a great place for that but there's other places you can learn well um and then the huge door for anyone to walk through that's trying to break into the field operational technology right OT networks and you don't so this is going to sound weird right you don't have to know all sorts of things about OT because the problem that we have with our OT networks we're using TCP wrapper and we're saying we're just going to shove this thing into a regular Network so if you understand Network traffic analysis you also have the ability to do

OT support because a lot of our OT networks now because people don't want to have to drive into the office that's terrible right I want to be able to connect across the internet and we see systems compromis right water treatment facilities sewage plants I mean we're seeing those those big breaches the reason why is that they're taking ska systems and they're just shoving them onto the internet because I need to have access from my home so um you know which what could go wrong um with your wholly unsecured protocol of communication and we'll just pipe that across the internet because nothing bad could happen so um those are all really in demand um segments uh you'll see lots

of if you if you search you'll see lots of positions for an analyst right cyber security analyst and even colleges are I don't want to say being deceptive but being not as clear as they could be uh perhaps that's one of the things oh getting this degree you can be a cyber security analyst but only 3% of those jobs are held by people under the age of 30 actually it takes before someone puts you in that job role they want you to have some other experiences um or super Mad Skills right that's the only way you're going to kind of overcome that um so but if you search for things like incident response right hey I need to understand how networks

are put together I need to understand things like Network traffic analysis I need to understand some forensic capabilities and those are things you can learn and it's a little easier to break into that because the job pool is much smaller so those are sort of the high demand places where we can get Beyond that 22% have done layoffs um but not in these fields right analysts people hanging around yes um but if you have high level of technical skills you're not the person canting let go and if you are who cares because there's 20 other companies that are saying I'm sorry you know how to do this um we don't have anyone ours that that has that capability that's a

big I mean think memory forensics right so oh we've got eight people in our but no one here really is good at memory foric oh yeah I I'm I'm All About that I've done competitions I've done these other things see here right that differentiates you from all those other candidates so right all right um look at that I was talking kind of fast so they worried me because they kept showing me those signs that say we're going to hold these up and say 10 minutes so um but we do have about 10 minutes left suppos in at 945 um that's my contact information right so uh Twitter sorry X handle right is cyber Leo with a three uh Facebook is C

thornsburg LinkedIn you can search at thornsburg or obviously at Northeast Lake View um if you have questions happy to try and answer them you might have to yell at me because I we're hearing a it's in this room is horrible for that yes sir um so on the skills that you mentioned are those from the survey results that you're getting back maners or is that kind of General the high demand stuff that's just general observation that that seems as J posings that are out there and sort of the way things are trending um the things that push towards some of the job fields you've got the feds but they're always a little bit lagging um

but if you look at things like insurance companies you look at some of those other Banks um and you're seeing insurance companies tell their customers that that have cyber Insurance polies like you really should have forensic capabilities inside your company because when something bad starts to happen is not the time you go we need to find a subcontractor to come in here and help us as the Barn's on fire um so there's big push for follow up on that from a a pin testing perspective I'm curious how offensive security feels compared to some of the things you're seeing there I know that there really high interest for so this is my opinion so take this one

for what it's worth um most people that one to get into cyber street right the same thing that you probably all keed on right how to hack my way in right I want to get paid right I can be paid I can make money to be a hacker yes you can but you think there's a lot of job applications for an analyst position when a pen tester job opens up there are thousands and so in some ways it's a rush to the bottom salary-wise unless you are absolutely at just the elite level um so a forensic capable person gets paid way better than a pen tester not if that's what you want to do be

happy and do your thing but that's that's probably the most competitive segment of everything u a couple of slides ago you talk about is it hacking the Box competition is that what it's called so uh hack the box is a so it's free to sign up they they've pivoted and they've started doing a lot of um training as well they have blue team but it's it was designed for red team you get a a VPN connection into their network uh and and it says hey here's this box they give you the IP try and break in okay um and so you're going through all of those pen testing for right so you're doing all the scanning and enumerating trying to

figure out what open ports and what services it's running and all of that to see if you can find a way to compromise it and the neep thing is those are all Productions so there might be payment card systems it might be a healthc care man records management uh it might be an a domain controller they have different types of devices that are in there um it those are challenging did you get ranked on that yes um although it's going to take you a while literally there was 350,000 people like last time I checked on that it's going to take you a while to get up there if you do so I actually I'm friends with the the ciso he had a a

young man that was working on his security team who really was in the top 50 in the world um and he was fighting with their HR because he had no Advanced degrees and they're like we can't pay him the amount of money that you think we need to pay this guy to stay he just had to tell them do you not understand the minute that he starts telling people he's in the top 50 in the world he can go anywhere and work for anyone and we need to keep him and so they fought and fought and fought but he went up a $50,000 a year uh increase in salary just to keep him hang on to him so and

that's a Fortune 500 company so out there sir about um skills EXP erience and knowledge and down the a I believe to do this uh what what are CER are certifications consider from that knowledge or skills I don't a lot so certif certifications kind of were on the education side and so academics for a long time went hey you just need a degree and then if you get your C your Security Plus now you've got a certification but if you've looked at comp TOA Security Plus is not even listed as a security certification anymore it's core um they're pushing cisa plus and some other um things in that so um that's a a double-edge thing if

you're going to work for a federal contractor you're required by the feds to work you must have a Security Plus you've got to do that um but it's like like developing any other skill if you're if you're want to work in forensics um why try and get a pentest plus Why Try I mean so spending the time or Os plus some of those really great certifications but they tend to be workr oriented that that's the thing I would caution you about um typically if I'm reviewing a resume and I see 27 certifications on there I one think that this person just has way too much time on their hands um or it's like if they're not valid to what so if

I'm trying to hire a pen tester I don't care that you have that uh you're PMP I don't care that you're agile certified I don't care that you're a Sigma Black Belt right those things they're not relevant to the work role and so that's the only thing I would caution you about certifications don't get them just to get them and at this point I can't imagine any employer who just opens the door because oh you have your Security Plus now you and I don't even know what the the millions of others at this point sir how do you become part of these some of these surveys because the data you showed there was pretty interesting we

talked about like how are you getting some of this data um not that I disagree with it it actually follow quite along with some of the things we care about but that'd be interesting to me I I do also have one other followup question how did you see um software development and full stack development um as part of like you know what folks are looking for I didn't see it there as like a priority um we did not survey it in for software development okay because that that was at it's quite literally out of the scope of expertise for myself or bar um so so that couple of slides came out of a much larger survey and that was a academic

survey we went through the the IRB for uh Texas State uh there were a multitude of questions that were that were part of that those were just ones that were relevant to competitions we also talked about certifications and which certifications and work roles and size of companies and there was a lot of other data in there I just pulled those because they're relevant to competitions um and yes when you see a something on a survey that says 96% of people are uh and so far it's held true and it's held through two different two different rounds of surveying and different levels of of people and not just local it wasn't a if you're an academic we're

running out of time it wasn't a snowball sample is there it wasn't just me surveying my friends and trying to get them their friend to send to someone else so we were a little bit more rigorous than that um in our in our surveying methods so we did use social media for that first round we pushed it out through technology groups that were out there not not just sending it out through all my friends on LinkedIn agree with me well yeah that's to be expected so which is was the problem when we got the first 90% we're like that can't be right um so I'm with you I don't I I literally don't like that stat either

but it is what it is and and and we verified it but it still is like okay it's it's a really high it is it's like a fooden election result you know yeah like it's going to be it's the best ever all right maybe one more are we out we're done come on you got a question like you said we can put compe on our resume absolutely so how does AI resume so these days usually they will I think uh AI will analyze the resume and then only later stages the human will analyze the resume like read the resume so if we put are competition as experience how does AI resume um application so I think that it won't

matter really I don't think that and and part of that is just getting your resume through um the pre-screening AI that every big HR employer uses right now and so part of that if you're doing Project based work even during school that's experience and so list it as List It In your experience section because it's you're telling someone I did this thing with these resources and here with my outcome it doesn't really matter to them whether or not you were a intern or an unpaid intern or I mean that that's not the important part um it's documenting that you have the ability to do something and again resume is just going to get you they're just going to talk to

you so anything you put on there as we close make sure you can talk about it after HS probably isn't going to trigger off the word competition but if you say you were in a competition and use these skills it'll catch the skills yeah so thank you so much um I need to get out of the way so the next person can come in and I'll hang out there

[Music]