What to Expect When You're Expected to Testify

hi folks how you doing today there will be no technology discussed in this uh in this deck in this talk it is lovely to have you here with me I am Tara wheeler I'm CEO of Red Queen Dynamics and for many many many of my sins I've been asked to do some testimony before on information security policy in front of the Washington State Legislature and in front of the US Senate so are you all in the correct talk all right the flight to Atlanta's next door all right good um so it's wonderful to be here with you today what I want to do is let you know that I'm going to talk for about 40 45 minutes

and then at the very end I'm going to do a Q&A that's going to be more extensive than most people do and the reason for that is I'm going to ask our lovely AV crew at the back thank you very much for them and the hard work they've been doing all day long much appreciated thanks guys uh I'm going to ask them to turn off recording and that is because I'm going to get [ __ ] real and I'm going to name names and I'm going to tell you who to talk to several of those people are here in the room today so we're going to be super real and I'm going to ask you all to during

that period of time not talk uh or not talk online not quote me uh not take pictures or record what I'm going to say and that's so I can be real with you how many people here are resident in Washington state excellent this is why we're going to save our [ __ ] State people okay we got to do something so I am super glad to be here with you today and I'm going to talk about what I have ended up doing why I'm here and uh really just kind of get into the the nature of what information security testimony and policy looks like so I've done this a couple of times um I have I've been that person who's been

asked to testify and I felt uh pretty scared I think initially um I ended up doing a pretty good job the first time and the second time and hopefully the third time and the reason for that was I had a good crew of people who knew what they were doing who were behind the scenes there is no time that you will ever asked to testify in terms of information security policy in which you should ever do it on your own okay at least 20 people are going to be behind the scenes helping you making sure that you're doing a good job and ensuring that you know what the hell you're talking about when you get asked a

question more than that even if you know what you're talking about how to phrase it to the kinds of people you're going to be talking to Okay cool so uh no [ __ ] there I was in uh um it was this early 2020 and I was driving our Forerunner uh down I think my husband wasn't even in the state at the time and I was I was asked to testify on right to repair um this was in front of the Washington State Senate and at the Washington State Senate they were considering a right to repair Bill locally I care a lot about this because right to repair is a topic that really touches a lot of communities

it touches abandoned wear E-Waste it touches the the ability of people who are trying to get into technology to get those service repair and support jobs many of whom don't have a lot of access to the kinds of educational opportunities that many people in this room have had so I cared a lot that manufacturers might lock the ability of devices to get literally just a battery casing like a battery housing solder redone at a shop or like a screen replacement they're trying to stop this right and this is the kind of thing you can pay somebody 30 bucks for at a fix it shop and this is not only a great source of income for people breaking

into technology but it's also something that lets them uh fix something that you might have thrown away otherwise right so I care a lot about that um then I got asked to do it again this is during covid uh it was it was not as much fun um but you know I did some work on that as well too and as a result of having done these things and being somebody that was seen to answer questions well and clearly to legislators I got asked to testify in front of the US Senate um this is the Department of Homeland Security's uh uh committee examination on why the csrb the Cyber safety review board was or wasn't kind of fulfilling

its obligations that happened in January of this year shortly thereafter I was like I should propose to beside Seattle and have this conversation so that's my lovely spouse behind me he was just like beaming this is deviant Olaf for those that don't know him in the room but um he does he does physical security stuff and he was just thrilled so what is this like what's this process like it is super super super opaque here in Washington state what's going to happen basically is some place somebody that you've never heard of who's like 24 years old and like an assistant legislative you know director or assistant is going to circulate your profile your public profile internally

inside a group of people who are going to figure out whether or not you seem like you would be a good fit to testify in front of a committee okay they're going to look at things like whether or not they like your face they're going to figure out whether or not uh you are the kind of person who who would be a good fit in front of the committee and when we say fit a lot of times we're talking about identity stuff I'm going to jump into that in a second this kind of thing right here you don't know who to call to testify in front of Congress I'm assuming right who in here would like

know the name and phone number of the person to call when it comes to testifying in front of a hearing and in your local legislator right you better push your hand up I know you B come on there you go I know you better than that we're going to have a conversation with you in a minute okay that was a threat all right it's biased okay this is super super biased all right this is um this is a sausage factory and we're going to talk about that all right you're going to get chosen to testify based on your likability and your perceived Authority these traits are strongly correlated with being a middle-aged white male who

served in the military um and who lives in Washington DC okay so this is it at least on the national level on the local level very strongly correlated with already existing privilege all right there's nothing you can do about that just like put it out of your mind right now because you can't solve that problem on an individual basis as a collective Community there's some options to solve it which is why I'm standing here partisan politics are going to happen to you you can't control what your identity is if you are a woman if you're a person of color if you're a visible member of the queer Community okay um you may discover that just existing in the body you exist

in is made you has kind of made you seem too political to be a good fit for the panel of experts that will be empanel to discuss this topic and this matters okay this was a hearing that happened last summer in front of the House's committee on the internet this is a house subcommittee on intellectual property the internet trade policy I was supposed to be on this panel and this right now is the kind of panel that is testifying in front of the house committee on the internet okay I know and like and respect some of these folks but I want you to understand that there was possibly some politics behind the scenes um we we had you never find

out why you were deselected after you've been asked okay and that's just a thing you kind of have to get over a little bit we'll talk more about this as well in the no video and realy Q&A session later you may never have more impact on American politics than getting a chance to do this okay I want to deeply encourage every person in this room if you have an opportunity to testify or to help someone who's going to testify to try to do some work on this process all right everybody in here has technical expertise that matters that is is part of not only who you are and what you care about but it's also something that

you can use to make policy better who here thinks that American policy on technology is super great going well just fine great cool so that's the thing we're trying to fix is get a little bit of reality of clarity of some good strong analogies into the conversation when you're talking to policy makers okay this is about as much as you'll ever be able to do in US polic politics I mean is anybody in here planning on running for elected office one day I am not right oh oh I love that yeah we got we got a couple hands okay so this is wonderful anybody who's planning on running for office one day I don't care

if it's the PTA or the US Senate this is part of the process of getting what you want done it's at least partially going to be about selecting the experts that you think are going to best present your position and opinion or at least present a pretty balanced version of what the real issues are in front of a committee that's going to determine um something I still don't really understand which is the markup on a bill okay I know some of the people that write laws cyber security laws for this country and I still don't really understand what this process of committee and markup and everything like that is but there's just like a Redline moment where I guess they

all throw it into a Google doc and share the link everywhere and they just fix up the laws and then they pass it you know that I presume that's how works I watch the cartoon like everybody else did but you I think that's how it works like and I've I've seen as much of this process as most people I think have in information security and it's still super opaque to me but I know this who's served jury duty in here before I actually haven't that's that's wonderful so if youve serve jury duty this is an that's an opportunity to directly interact with the law and its application where you are but isn't it more interesting to be back where the

law is made before it ever gets made and fix the problems in it fix the concept of a lack of sunsetting on outdated Tech bills right fix for God's sake the 1986 Computer Fraud and Abuse Act okay everybody in here has um if you haven't please look it up this is the this is the law that governs the reason that we're all just a little stressed about the Wireless in here today right this is the thing that is stopping many of us or has stopped many of us in the past from being safe keeping other people safe or being clear about some of the vulnerabilities that we've found so I want to see people in here actively

seriously working on trying to change that law so this is an opportunity at two to three orders of magnitude to impact us politics and that's going to be it's really rewarding is the best way to put it it's super rewarding meaningful and purposeful for me so one of the things that will also happen as you step into and out of the opportunity to testify is you're going to get a chance to meet some of these Representatives some of your legislators policy makers and Senators you'll also meet their staff their staff are going to be the ones who end up making in general the final decision on whether or not you testify and whether you come

back make friends okay make friends in that moment offer assistance be the person who who reaches back out if they ask you for it and summarizes a current information security event with an easyto use analogy for their principle do you know what that word means in this context their principle okay for those who don't the idea is that a principal is the person that they're there supporting could be their policy maker in general it means somebody who's like they call them like a political or um somebody who's elected all right it's the person whose name is on the little billboard thing but I promise you they did not come up with that question about you know relevant

vulnerability disclosure mechanisms all right that was one of their staff that did that and they've written those all down okay this is your chance to meet the people who are writing the questions that Senator Blumenthal or you know U Senator Hassan are going to open their mouth and ask you in that moment and this is your chance even to help influence the questions that need to get asked in future hearings okay this is super frustrating it's so frustrating every time I I get a chance to talk to policy makers and be part of that world it is so opaque it's not transparent I was like can't couldn't we just and hear me out on this guys

couldn't we um couldn't we just like you know submit a PR and like couldn't we just figure out a way to make this law something that people with expertise can be part of can contribute to can fix directly and the answer is nope they they don't want it that way it's it's not a thing we can do yet the closest we can get to it and this is super amazing is respond to public requests for comment rfc's whenever you see somebody trying to do something especially at sisa or the FTC or anybody who has anything to do with uh with with requests for information on cryptography are there any pretty decent cryptographers in the room it's cool if

there's not they're they're kind of like scattered you have to bring them all together in a group and then you know give them food and then hug them a little bit and then back away because they didn't want hugs uh but cryptographers are very important in this conversation because a lot of the conversations in policy are around emotion around think of the children around um you know safety as opposed to security so policy makers will respond to in that moment when you've got their attention emotion they don't respond to the technical arguments that we'll all make but if you've got a great analogy about how it keeps people safe this is the moment to deploy it and practice it

last point this is also your opportunity to especially to the staff of anybody in that room mention the name of other qualified people that they should be talking to please consider the idea that somebody who is experiencing less privilege than you may have a harder time breaking into these Halls of power barring the fact that I am a woman I experience almost every privilege imaginable okay and I have found it unbelievably difficult to get included in a lot of these rooms and I am here to tell you that black women uh members of the visibly queer Community find it incredibly difficult to get into those rooms and be taken seriously take this opportunity to get them in touch

with the staff that are writing the questions and have their voices heard okay all right so who here is interested at this point in doing any of this work in in having conversations good I see about 10 15 people in here that are raising hands that's good by the end of this I want there to be more because I'm going to tell you how to make this work so what's going to happen when somebody thinks you should testify they're going to circulate it uh internally they'll Circ your public profile if you've recently written an op-ed if you've recently um been on TV doing conversations about information security if you've done anything that's gotten some notice you

may be more likely to be asked to have a conversation about this because you're seen as more of an expert okay that may or may not be true and that's one of the reasons you get complete idiots testifying in front of Congress okay so the media is is part and parcel of this learning to work with them a little bit can sometimes pay some good dividends I strongly suggest for those of you like me who are upon occasion a little bit awkward consider writing maybe uh as opposed to appearing on television um it's it's a little bit stressful to do that and sometimes it's hard to do it in person and live um without coming off

like a giant nerd so uh consider some writing get some local attention have conversations with people in in your community about how to get your voice out there you're going going to get it some kind of like this informal nudge like a you'll get somebody who who will reach out to you and be like hey I did this thing this time is this ever something that you're going to be interested in you'll get a little nudge like that and that's the moment when you get to think to yourself do I want to do this do I want to contribute to a group of people who might be working on testimony if you do that's the moment to be like yeah

absolutely I'd be happy to to jump in on that this is also hard because many of us who have uh lives uh caregiver duties outside of work this is extra work this is extra logistical and emotional work for you be aware of that I don't have children I don't watch appointment television I have a profoundly supportive spouse and as a result I have some of the extra bandwidth to do this it doesn't feel like it all the time but I do have the ability to do some of this and I find it meaningful if you do consider the opportunity for yourselves what's going to happen when you get invited to testify a lobbyist pause for

impact is going to ask you if you are interested in doing so they'll likely have a hearing that they want you to attend or want you to know about for the future this may not be very far away it's not like Defcon where we know it's going to happen every year it's not like they schedule these things regularly what will happen often especially if it's an important one is it'll come up right away they'll schedule a hearing on a major issue that breaks in the news Within seven to 10 days within days often and that's at the national level at the local level you may not find out about it until the day before the hour

before that you might be asked to do something like this in all likelihood especially if it is your first time doing this kind of testimony you're going to get told about it four to six weeks in advance because the hearing will be on the legislative calendar folks go look up the legislative calendar when you get done from here and you can take a look at the Washington State Senate and houses legislative calendar their schedule of hearings for everybody in this room what you are interested in is environment energy and Technology committee for the US Senate or for the Washington Senate environment energy and Technology committee okay those are the people who pretty much in general are talking about the stuff we

care about if you're dealing with the intellectual property people the trade people they're going to talk to more lawyers really than actual technologists so look for the legislative calendar and consider just a attending one uh and that's because it's going to be super super interesting when you show up you might know just a little bit in advance or weeks you will be told or you should ask how many minutes you will have to testify it was my experience that I was told that I would have five minutes to testify for that first testimony for right to repair I was given two minutes and in the time between me finding that out about 10 minutes before I was going

to walk up to that podium I was told that information and I had to strike a bunch of my testimony and get it down to under two minutes okay so you may be told that but it may also fluctuate I'll tell you how to prepare for that in a moment there's going to be a person who's going to help you through that day when you drive to Olympia when somebody takes you to Olympia and you see the capital building okay if you haven't been there before parking is shite get there early okay um prep for airport security you'll be fine if you can get through TSA you're fine getting through security there they're kind of terrible

honestly like I I brought my husband and you don't want to know what he got in the door oh my god um he was like babe babe look at that I was like don't okay um he doesn't he doesn't really do that he's way cooler than that he's way cooler than me um so prep for that you will pay out of pocket to do this if somebody else is paying for you to do it guess what that makes you right so this part sucks because economic privilege is also at least partially required to do this for my Senate testimony it probably cost me 3500 bucks I mean that you know it was an expensive time a year I got to buy

meals I got to fly there I got to get a car I got to get rides and stuff like that it was the 3500 bucks probably to do the two the two or three days because you want to arrive a day early to make sure nothing happens with your flights right it was expensive it's always expensive to do this be aware that that's the case and the legislature is not going going to pay your travel expenses they want to know if you will show up on on your own that's part of why you see the visible privilege of the people in the room because they can afford to be there and they have the time to be there and they have a wife at

home taking care of the kids I mean bluntly that's what's happening okay um so and I'm I'm being super super real wait till we get to the non-video part of this situation but you're going to pay out of your own pocket for this travel when you prepare for this write your testimony word for word skip your citations they assume that because you're there you're the expert you're the one getting cited that's kind of cool actually just make [ __ ] up if you want um don't do that so write it word for word okay and I will also by the way folks be releasing these slides online so all the information including clickable links will also be out there

for you okay um have it reviewed by a bunch of smart people all right people that know what it is like to testify at least one person who knows what it's like to testify at least one person who has helped review testimony before at least one person with experience with the legislators or the committee that you'll be testifying in front of okay have it reviewed again and again when you think it's ready to deliver think about the time limit that you asked about before in my experience it is very difficult to get out meaningfully in front of a crowd more than about 70 to 80 words a minute when it comes to legislators I'm going to speak for the rest of this

slide in the tempo and tone that I would use when speaking in front of a legislature the reason I'm doing that is to let you know what it's like when you deliver your own testimony in front of a bathroom mirror again and again and again time it all right build it very much so there are Parts you can take away and add if needed very easily in just the period of time that you are sitting at a desk or at a table waiting to testify you may discover that the people sitting next to you have said something interesting and you want to add a single line that is a joke or plays off of what they said or simply

acknowledges who they are and in my experience almost no one remembers to include the timing of thank you for the invitation to testify here before you today senators and members of the committee that takes like 10 seconds just by itself and you got to be polite deliver it again and again and finally be funny but only if you can be real all right now I'm going to Speed it back up again we're never going to get through all this when I wrote my original testimony for right to repair I included a line that was not written entirely by me I'm an offensive information security researcher that's how you pronounce hacker when testifying in front of a legislative

committee um it was it landed and it's what really worked in that moment it was real and I meant it don't be funny because you're being cute be funny because it's true this is the line that resonated with the people in the room who were listening to my Senate testimony how many of you are familiar with the Cyber safety review board good right now and this is still true if the csrb was operating the NTSB right our Aviation Security folks work like the csrb does now NTSB investigations would be conducted by the FAA administrator the chief pilot at Boeing and the chief Revenue officer of Delta Airlines that hit home for them in a way

that was meaningful and it got interest it got attention the reporters in the room understood what I was talking about and that's the reason this is the thing out of all of the stuff I said about wan to cry and vulnerability management and the processes and procedures we needed this is the one that popped for them be funny but only if you can be real here's a very real moment and it is possibly the only time he's ever actually been funny Senator we run ads it's true and every one of us was roaring as a result of seeing this because it's true uh and that's why it was funny okay now let's also talk about what that reality

looks like when you're bringing all of yourself to that kind of testimony if you're scared about not showing up the right way or or or not sure if you'll represent your community the right way okay everybody in here can bring their real true selves to this and I'm going to show you the single greatest example of legislative testimony I have ever seen I give you Mr G Snider of Twisted Sister this testimony was real and it was true and it was joyfill and funny and it made an impact because D Snyder brought what he was to this moment and it worked he wasn't playing to the audience he was genuinely bringing himself and a representation of his

community to the legislators there he wasn't playing to the room I watched um Hassan minhaj I think do a do a testimony where he was clearly playing to the room instead of testifying to the legislators and it's one of the reasons I don't use it as an example here this is the greatest testimony I've ever seen you can be you you can have blue hair you can do whatever you want to do in that room as long as you are respectful and truthful and um and your community would be proud of you okay you're fine doing that so the day you testify you're going to be so bored oh my God you're going to be so bored

because you're going to get there like four hours or going be like I just I wanted to make sure I was here on time and then you're just going to sit in a hallway on like some cold ass like granite or whatever and be looking around and it's going to be interesting for about five minutes and then you're be like all right Candy Crush whatever it's going to be boring uh and then it's going to be terrifying for 20 seconds you know it's information security right 99% boredom 1% total Terror right uh so this right here is really surprising to me your room in which you testify is either going to be like fully empty or it's going to be so

jam-packed people are going to be roaring from the Halls distracting you'll be um I don't know I was more nervous in the empty room than in the packed room because I know what to do with an audience but an empty room is a scary thing right like you're there's no way to tell if you're doing it right so that's really nerve-wracking for me personally I don't know what the experience of folks in the room is just out of curiosity like um for for the folk in the room would an empty I'm going to ask you you know empty or full would an empty room be more frightening or problematic for you how about a full

room that's about what I expected it's about half and half honestly right and so be be prepared whatever your your scary version of that is be prepared for that to happen to you okay and just be ready for it maybe get a sympathetic person in that audience that you can you can't see the people behind you you can see the Senators focus on one kindl look person who's probably like a 23-year-old staffer sitting behind one of the legislators and if they look like they're like oh yeah just like look at them okay don't let it freak you out because you can't see what's happening behind you but you can hear the rustles and laughs of the crowd and it's like

there's this time delay a little bit in what you say when that happens bring a device and bring three printed out copies of everything that you're going to say bring a highlighter and bring a pen all right the reason you're going to do that is because in the moment when you're delivering the testimony or even just a few minutes before you may discover that there are segments of the testimony that you need to strike out you won't have time for them or that someone has said something that causes a problem with what you're going to say choose to have either a very reliable electronic device from which you can read your testimony uh or you can have a piece of paper I used

paper for the Senate testimony and I originally used uh my iPhone for the original right to repair testimony because I discovered I needed to cut a bunch of stuff quickly and I didn't have a way to do that on the paper I was holding so be aware that this is a technical thing be be ready for the live demo to fail okay that's that's really what it is right there the questions that are going to happen are going to come not from the policy makers it's it's going to happen because a staffer is going to lean over and they're going to whisper something or they're going to pass a note to the policy maker who will then ask a

question of you if you get asked questions at the end um and if that happens the policy maker might screw up the question don't laugh it's the fina one oh [ __ ] the fina one um still to this day it's it's hard um but be aware that they might screw it up answer the intent of the question don't point it out I know we want to argue and clarify um I I know we want to be like well is what you meant you know or you I think you might have meant don't do that everything is start with thank you senator for the question and move on into answering the question you think they're asking if you need to say um I

think I'm giving the correct answer or I think you're asking me about if you need to but not if you don't don't waste your time all right and time is going to go so fast you're going to be in and out of there in a blink you will barely even notice it happening when you read your original testimony that you have written down or on a device it's going to happen really quickly don't speed up all right if you need to and I've I've had this happen before get a card where you have four little circles on it all right or get used to doing it under a table and one two three four and

just use whatever your personal pattern is or tapping your foot or anything unnoticeable it could be just any of your gestures any ways that you cope with the pressure of being in front of an audience or need to use to self sooe do it absolutely just practice in advance so that you know it is an available technique to you okay like this is the only audience I've probably ever had to say this to because most people would have no idea what I was talking about with like here's how you chill out when you're trying to be a technologist and get information across fast chill out right you could do it all right time's going to go super fast

what's going to happen right afterwards a policy maker or legislative director it's an LD they're going to say LD a lot um this is the person who actually does the stuff behind the scenes right this is the person writing or requesting or discussing legislation the legislative director May reach out to you and say hey can we set up a meeting can we talk to you can you suggest more people uh for us to talk to that is a person that you definitely want to make friends with they want help they're asking you for it and this is a fractious um frustrating beautiful community of people and there are as many opinions as there are people in it right so if they

want you to summarize things for them remember that they don't know all the stuff that we know all right and that your job in that moment is to translate with Clarity on behalf of the community as opposed to kind of go off on a tangent I've done that kind of a lot and it it doesn't help okay all right organizations by that I mean nonprofits or companies or um legislative directors anybody at all who see you do this well and with humor are going to ask you to do it again all right you might be asked to do so on a national level in that moment you've already got a crew almost certainly you won't be asked to do

National level testimony if you've never done it before or have never participated in the process before this isn't going to come at you out of the middle of nowhere okay this will be something that you are um a a a very well-known expert in and I have done a lot of work on the csrb okay that's the reason I was asked in that moment to come and testify all right you might be asked to do this it's okay if that happens um get friends you got a crew stay ready to speak if you want to get called upon often it's pretty common for state legislator to have someone drop out at the last moment and if they have

a technical expert drop out of a hearing you could get called on pretty quickly especially if the organization that is sending somebody knows that you're competent to do it they'll brief you and say hey hours from now someone dropped out could you show up via Zoom could even be in a different state um I think I testified once in New Hampshire uh a couple times in Maryland maybe um but a few times that I've been asked to show up sometimes they haven't even gotten to me in the hearing but I was there and was available you may show up and find out that they never get to you they might just not call the section of panel

that you're on so there's some frustrating elements to it but just be ready to speak if you want to be part of this community all right last part about this find your allies in this moment find allies that can assist you in getting your voice heard and where you can provide them with more allies let's talk about what an ally looks like this does not have to be a dirty word lobbyists are the people who are paid to convene appropriate experts to get ac across a point of view and there are organizations that we all know and are proud to be associated with that have lobbyists few of them are solely lobbying organizations but many of the

organizations that we know and are proud to be associated with engage in policy lobbying their titles usually aren't lobbyists usually their title is something like director of government Affairs or policy director and pretty much when you see somebody get advertised for with one of the big companies and their title is going to be director of government Affairs or policy director and it's a mandatory relocation to Washington DC that's going to be their job right they're they it's 80% that's what they're going to be doing and they have to be there because this process is a is a personal one it is a it's a handshake one still and it is opaque and people who know how to navigate that opacity

are the ones who are successful in roles like this um I don't I don't think I ever want to do that job I I like doing what I do um and at the same time I find myself often um thinking to myself I I wish it was done better and that's a very short step away from me deciding I'm gonna I'm G to do something about it so so here are some organizations that Lobby us perg the public interest research group is an organization that has a bunch of local organizations that do work on right to repair abandoned wear E-Waste the uh uh consumer safety and product safety all right so the kinds of places that that uh that do

work on whether or not something needs a product recall all right us perg is the organization if I recall correctly that was uh that was reached out to and then um was partnered up with an organization called secure repairs secure repairs is a little teeny right to repair organization that was founded by Paul Roberts and I knew him back in 2019 I knew some of the folks involved with it and some of the people involved with perg these are folks who work in the public interest who Research into safety information security um device security that kind of stuff all right and they Lobby they Lobby for wrer repair bills to get passed eff they have people who actually work

on this right that work on lobbying to manage the information security knowledge deficit in Washington DC thank God that they do it right uh ACLU we all know they've got lobbyists right and same thing for Center for democracy and Technology right these are organizations that um pay to have somebody explain how technology works well to people that need to know it in Washington DC they may they're not I don't necessarily mean they're lobbying on behalf of like a political party this isn't necessarily partisan at all but they are lobbying on behalf of an issue to try to solve a problem right information security consumer safety equal legal protections and what whether or not the internet is

accessible to everybody okay these are organizations that can help so where are your local organizations again I'm going to make this publicly available for you okay how do you find local organizations this one right here was perg all right per dog.org Washington that's the organization called wash per that's the one everybody in here like throw them five bucks because they are the ones that are in Olympia trying to make sure that right to repair bills aren't quashed by lobbyists for large tech

companies who are trying really hard to keep devices protected so these are the folks you want to throw five bucks at um EF the Electronic Frontier Alliance are the local organizations go to the one that and you're looking for any organizations involved in Washington I happen to know that the eff will be coming to the state of Washington over the week of RSA God damn it so if you want to reach out to those folks um the uh the eff is going to be doing a couple of listening tours and some conversations like the 6th 7th 8th of May I think so and I'm going to be not here and I look forward to finding out if anybody got a chance to

connect with them ACLU of Washington these are also folks who do work on things like social um uh data privacy I know a good friend of mine Savannah Sly who now runs the new moon Foundation used to be at ACLU Washington and what they were working on was Data protections and privacy for sex workers right because there there's we always need to think about the fact that that people at the margins of the community are the ones who are the most likely to be the canaries and the coal mine of eroding protections against surveillance and data privacy so this is important work to be doing and if you're interested in it reach out to these

folks nationally this is how you get a hold of the folks from Center for democracy and Technology those are the people that you want to have a conversation with and nationally hackers on the hill who's heard of hackers on the hill yeah that's because this guy founded it and you're gonna have a conversation with him in a minute uh now these folks down here they don't do Tech or they don't do Lobby okay hackers on the hill just does the tech if you don't know where to go to get help on your testimony and you want to know whether or not you are full of [ __ ] before you deliver testimony to the legislature

call them well email them right who's got a phone so this is um this is your moment where we get a chance to really um kind of get real about this I spend a slice of my time in this world because I care deeply about it because I've got a background in it my day job I'm I'm the CEO of Red Queen Dynamics we do SAS compliance for small businesses through their managed service providers like I I'm a I'm a dirty vendor a dirty dirty vendor right we build a we have a security product that we sell through Channel sales to msps I love what we do because it means that people who normally don't have security

protections or anyone doing the emotional work on do you have MFA you know do you have you done an asset inventory this kind of stuff we've managed to make it something that is accessible for people that don't understand what information security is or means to their small business because there's never been the CEO of a 30 person trucking company that cared much about an asset inventory when trucks weren't driving right so that's a thing I care about person personally and I think that this is the reason I care about this because RIT large what we are all dealing with from Senators to to anybody that you might walk out on the street and have a conversation with are

people that don't know enough about information security to make good decisions that's what I care about and I care about the idea that someone might be disempowered to make their own decisions about information security all right so these are the folks that you want to have a conversation with with now last but not least what I want to do is do an AMA now I uh I have asked that we turn the recording off is that okay can we turn the recording off in a minute one last one last second what I'll what I'll say is if we're going to end the recording portion of the conversation what I will say is I'm glad to know that we are ending it because

otherwise I would just say it's such a pleasure to be here with you this afternoon members of the committee and thank you for your time today