FUD is Dead, Stand up and Be Heard

BSides Denver · 2019 · 48:09 · 58 views · Published 2019-09
About this talk
Alyssa Miller explores how security professionals can effectively communicate technical needs to non-technical stakeholders, from board members to executives. The talk dissects organizational hierarchies and explains how to tailor security messaging—risk framing, cost savings, business efficiency, and innovation—to resonate with each decision-maker level, using real-world case studies to demonstrate boardroom-ready advocacy.
Original YouTube description
Alyssa Miller stands up and talks through how to present security needs to board and non-technical persons
Transcript [en]

I swear sometimes they don't. So that's me. First and foremost, I'm a hacker, researcher. I think that picture is a joke, because, I was like, one of the things I'm most frustrated with in this industry is the fact that certain organizations, in particular certain people, still love to kind of further this notion of what a hacker is ready for Heidi not with our hoodies and our basements and doing those nasty things we do. I thought my life people ask me, you know, how did you become a hacker? Well, I didn't really become when I was kind of for one night guess-who Nessa seemed for a lot of those people in the room here. Age of 12, I bought my first

computer and bumped Lea not annoying when I was doing, and I actually read the manual, which was the first mistake, when it tells me the first thing to do is to insert this one and run Aptus, not realizing of course everyone's already installed. So I learned how to install the operating system and software really early on, and that kind of got me going. I've been there ever since. I taught myself programming, and now they use my passion. You know, I like to get out, I like to talk to people, and that goes to my second point: I'm also a security evangelist. Now look do you have a man to us I've been searching for a better tutor,

so if someone has something that more accurately conveys what I want to talk about, please let me know. security of cares less that's what they are here today. Like I said, I've got a passion for this stuff; I have for many, many years. all time distortions always nice. So really this is something I cannot do further out. I like to share my ideas, I like to hear my ideas challenged, I like to hear other people's ideas in greater perceptive, I like to know what's their ideas too. Sometimes you got to be a little more careful with that last one, because not everybody takes that so well. Oh, and then quietly, I'm an information security professional. It just means I do

this for a living. Yeah, so I've been working for a number of different organizations. I started, honestly, in a financial services space, leading what they called the security test team, so we did all the pen testing, all the vulnerability scanning, all the vulnerability management. That's always fun. And so, you know, that partly into consultant role, right, but ever since I've been doing pen testing three years. And then I decided, you know, I made that one step into this thing we call management, and it's funny how the skills start to go away when they do that. So I will tell you this: this is probably the least technical talk I'm going to give this year. It is

also probably one of the most important in my mind, because we're going to talk today about this thing called FUD. Now that's a term, and I was just asked, and so I looked it up. It goes back a long way. We can kind of trace it back to 1975. Gene Amdahl started his own company, you know, he left IBM, and he was talking about, you know, the sales motion of IBM salespeople, what they did to try to dissuade people from buying Amdahl products. Well, we in security, you know this term real well, because we use it a lot. And so I'm gonna start off. First, as I said, I'm a security professional. I started, you know,

as a pen tester and as a gift I retire into management, I've learned a lot of things. I've learned how to coach CISOs and how to talk to their boards. I've learned how to work with executives. But it wasn't always that way. So I used to work for a financial services firm, and so we're going back to, you know, the early 2000s this would have been, and we needed a new vulnerability scanner. And I and my project team, a whole lot of effort. We, you know, we went through multiple tools, we rated each one of them, we, you know, we had our set of requirements, we knew what we were looking for. Our final results, I

took them to my manager. Oh, I produced this great presentation, and we talked it through, and he loved it. It was great. We were gonna get all this new functionality out of this. We're going to be able to discover parts of our network that we didn't know existed, because we've just gone through a massive merger. Oh, this was gonna be awesome. All right, so I'm gonna fire it up, and then my manager looks at me and he says, "You need to pitch this to the executives." Okay. I've never talked to the CEO in my life. I'm, you know, at this point 20-something years old. Uh, sure, this sounds exciting, right? So the goal was I was going to

talk to the CIO, the CEO, and they're also here the president of the board. You know, for someone who is the security engineer, who's in her 20s, that's that's the 20s. So, you know, I had an awesome presentation, we have all this great material. I knew I was gonna go in there and I was just gonna rock it. So I was gonna teeth, you know, all that material that I just put together, all the stats, everything else. I'm gonna go in there not get dead. And he says to me, put together a presentation for them, and just give you a presentation wouldn't mean. So it started going I mean that something was different. All right, well, they're business leaders. Why this is

important stuff don't get it don't work with us Simon. Okay, so I put together our presentation. It was new, it was a little different. I'm holding a lot of the stuff that we've done, obviously. And they set up the meeting, 9:00 a.m. Tuesday morning. I walk into the workroom at our corporate headquarters, which at that time was in Jacksonville, Florida, and I sat down and I gave them my message. And what was my message? Well, I wanted a whole lot of other things it was a lot of fear: these are all the horrible things that hackers are trying to do to us, this is what it's going to cost us if hackers get in, they're going to destroy us. And it's

endorsed of all uncertainty. Yeah, you know, it's so hard to know where they're gonna target next, because we have so many different systems out there, some of them we don't even know about, and it's hard for us to say for sure where they're gonna come in, and we think this system will help us. But I wasn't done. I also have a person down on top, right? I really wanted to scare these guys into doing what I wanted them to do, so I added the talent the, you know, nobody can defend a hundred percent against attackers, I doubt we're ever going to be truly safe. You've heard that message before. heavenly we've delivered that

message before. It's not untrue, it's completely true. In fact, I now have a shirt that says "Unhackable? Here, hold my beer," because I'm tired of seeing vendors talk about "you'll be breach-proof if you buy our software." But the fact of the matter is, when you're talking to those high-level executives and you're trying to win them over, this message that I put out there, it failed miserably. We did not get the money we wanted to do that massive overhaul. Now I can see it's related. I can't say that had we gone out and bought the new vulnerability scanner environment that was gonna give us all these devices and all these new areas of our network and do all this

wonderful discovery, have all these new features in reporting, that it wouldn't have it. But six months later we were breached, big idea, through a system that we didn't know existed. Like I said, we went through a merger, we absorbed a lot of new systems, a lot of new parts of the network that we just simply didn't know existed, and we were breached. Now again, I can't say that vulnerability scanner would have prevented this. I mean, this happened six months later, so, you know, maybe not. What the matter is, I felt like a failure. I felt like I had an opportunity to do something to improve our environment, to make us safer, and I walked into that

meeting and I failed to deliver a message that resonated with the business leaders, and failed to capture their attention and motivate them to do something different. So that's what I want to talk to you guys about: how do we get away from this message and move to something better? So if you read the abstract of this talk, I promised you interactivity. Yeah, it's time to get the audience involved. How many of you have children? Good, this is gonna work really well. How many of you were a child yourself? we got

with your parents or you have to talk with your children about saving money. here I guess they're more like a minute it's okay. So we're going to talk a little bit about, I want to encourage my teenager who's getting their first job to take some of that money and put it into savings. So what I want from you now are ideas. What are things that you can tell any teenager about why they should be saving money? New video games, like that. What teenager does not like video games? What other ideas do you have out there? What else could you do that might convince a teenager? You don't know what the future is going to be, so we're preparing for

this, the future. This is kind of fun taking on the engine. All right, I heard one over here: stop paying for that, you're gonna stop me for their stuff. Okay, I like that, that's cool. fix that minute. What else? What other ideas? How else are you gonna convince them? how does our expensive. Any other ideas? alternatives. I think that's really cool. I don't know why I stopped showing this. You know, you can see kind of the right side and left side, you see what I'm doing here, right? what's that your stick right. On the left we've got a bunch of stuff that are threats, we've got all the negative things, all the uncertainty about the future, and on the

right we've got those things like, here's those cool rewards that you can get if you save your money now. As you look at these, and put your teenager head on, which one of these is the one that is going to motivate you or feels exciting to you? Like, oh yeah, that's why I got to see him living naturally he'll be right, all these exciting things I can go out and get. So let's talk a little bit more about why that is. A number of years ago, a public health system in New York State, a hospital, North Shore University Hospital, for those that are familiar with New York, that's on Long Island, they did a study. As we all know, in hospitals, spread

of infectious diseases, spread of infections in general, is a big issue, right? And one of the most basic ways that everybody in hospitals is taught to help prevent that is simply: wash your hands. So each time you go in and you meet with a new patient, before and after, you wash your hands. Everybody in the hospital is trained on this. Just like we do security awareness training, they do infection training. They do this over and over again; everybody at the hospital is trained. They wanted to study how often people are actually compliant with this policy. So the first thing they did was they hung hidden cameras, they hung surveillance cameras over all the states monitor

whether people wash their hands on the way in and on the way out. Yeah, the employees were aware of it. It wasn't, you know, these were like, you know, cameras in bathrooms and weird things that we really shouldn't do as researchers. They were aware of it, they knew these cameras were there, they knew this study was happening. With the cameras in place, in their knowledge, at all their training, less than 10 percent were compliant with policy for this reason. Ten percent. So this doesn't bode well. But they decided, okay, how can we want to be done differently? And this is what the study was all about. the next anything was installed this place. These displays were set up to provide a

positive message husband remember to think back to each person when they wash their hands. This is simple, and it seems almost childish, right? Like, I'm gonna have a little, you know, LCD display here, it says "good job" yesterday. That's all they did. You know what happened? this is it's gonna be Mike coming when you see this: almost 90% compliance. All that changed was they added those screens that said, "Hey, you did a good job. Thanks for washing your hands." different Nets of getting away from messages of fear, "you're gonna get fired if we see you not washing your hands," and it's sad people, to a message of something positive. It doesn't have to be spectacular, it's just gotta be a reward.

So why is this? So this is the neuroscience study, so that's part of the neuroscientists right now, right? So what we see, as you see displayed here, and indeed this is a concept in neuroscience, is that if I want to discourage action, I want to keep you from running into the lake because you don't know how to swim, I want to keep you from putting your hand on a hot stove because it's gonna burn and it's gonna hurt, the best thing I can do is to talk to you about those threats and instill fear. However, when I want to motivate you to do something, like put money in a savings account or wash your

hands before and after you see a patient, the best way to encourage action is to come to you kind of reward. Let's talk about why that is. So when I talk about threats and fear, and I put that threat, right, put that fear in your mind, it triggers your stress response. And this thing you've seen that the brain scans, it doesn't have to be a fear of dying, it doesn't have to be a fear of serious injury; any form of fear triggers those stress regions of your brain, and it's all the kids are that kind of fight or flight. We've heard that talked about; I'm sure plenty of you are familiar with that concept. The fact here is our natural

reaction is to avoid those sources of threat. So when we are presented with something that's scary, that's causing us fear, our natural reaction is we're going to stay away from that, so we're going to look for ways to move away. So we think about the lake example, for instance: you tell me I'm gonna drown because I don't know how to swim, my natural reaction is I'm gonna stay away from the lake. You tell me I'm going to burn my hand on that hot stove, my natural reaction is I'm going to stay away from the stove. That fear, that stress, it causes me to stay away; it causes me to avoid that thing that's causing that fear, that stress.

Now what we see is there's the issue here with how do I associate that fear. What was the input that created that fear? So when we use fear to motivate somebody into not doing something, which sounds weird, motivate you to not do something, maybe we have to be careful, because we run the danger that that fear that they're feeling is gonna get associated with us rather than the thing that we're telling them to be afraid of. We'll come back to that later. But let's talk about rewards. What's different than we do when we offer up a reward? Well, first of all, like I said, this is the thing that's going to encourage them to take action, the reason being we've been conditioned

through our lives that we need to undergo an action in order to earn a reward. That's a pretty typical thing: if you want to be successful, you've got to work hard; if you want this thing, you've got to save money for it. That's how we function as human beings. When we sense the opportunity for a reward that we want, our brain literally initiates a call to action, and when we're successful in achieving that reward, there's a dopamine release. Anybody who's studied anything with dopamine, you understand how addictive dopamine can actually be. All those drugs that people are getting addicted to, it's because they're releasing dopamine. So this is why reward

is so much more effective than going out there trying to put a bunch of fear in people's minds. So we can turn that to the business world. We think about security, we think about the FUD, we think about fear, and you look at that, you're like, okay, so if I'm trying to encourage my executives to invest a bunch of money, millions and millions of dollars, when there's a new vulnerability scanner that's going to hopefully fix a lot of our problems, and I go in there with fear, uncertainty, doubt, I'm not motivating them to do anything; I'm motivating them to stay away from me. Worse yet, they may associate that fear that they feel when I talk about security hackers are

the third wall may associate that to me, and now they don't want me in their meetings, they don't want to hear from me. And we see this right now, today. If you go out and you study how boards, how executives view the CISO role, there was a study done in the UK not too long ago, and, you know, the number one answers for how they were viewed was they were the bad news guys, they were the ones that, you know, were always doom and gloom. That's a problem. They avoid us, they don't want to hear from us, because all we do when we walk in that room is scare them. So let me present to executives there's an

important thing you'll be the FUD wasn't the only issue, right? When I walked in there, I didn't really understand who my audience was. I didn't understand how to talk to these people. I walked into that room, I had all these numbers, I had all the technical details of your network segments and capacity and all these wonderful things. But when I'm looking at different layers of management, I need to understand what is the message that I'm gonna put out there that's gonna resonate with them. Now we can simplify this. another good night you'd like to keep things simple. It's a 15-minute talk, I don't want to get too deep into this anyway. But if I break down management

into really four structures for different audiences you want to be aware of, and you may not always be presenting to all of these, obviously we start at the top: the board of directors, right there. try this is a little small but you'll catch on. Board of directors: they sit at the top of our organization, of course interviews the entire organization, and they have a very high level view. Underneath them we've got our executives, and when we talk to executives, they've got a high level view too, but they're already feeling the pressure of the board above them and they're feeling the pressure in a massive business underneath them. Senior management: now we're talking, you know, so our executives, we're talking

your C-suite, maybe our EVPs, our SVPs. Now we're down to senior management, maybe those VPs and directors. Now we've got our managers, right? These are the folks who are kind of on the front line. So what motivates these guys? How do we talk to them and make sure that we get what we want out of these various levels, and make sure that our message is being targeted to the right audience? Well, some of those managers, many of you may know this already, maybe you don't, but managers are really, they're focused on the tactical. They are the ones that are gonna want to hear the technical details of how did each one of those

solutions score, which one gives us the, you know, the best reporting, which one gives us whatever. What are the criteria that won us over? They're also the ones that are going to be the most budget conscious. For the most part, they're given a very limited budget that they have very little control over, so they have to figure out how to spend that money, and oftentimes they don't have the ability to by themselves invest in large projects. All the time they don't. So they need that technical understanding, but at the end of the day they're the ones we want to talk to when we're trying to address some type of operational concern. That's the message

we bring to them: hey, you know, we can hit more servers if we install three new appliances in these locations. That's what they want to hear. When we start moving up the chain, we get to senior management, that starts to shift. Senior management are starting to focus on more strategy: I don't need to know about an individual data center that we can't scan; instead I want to know what is our strategy for security. How does investing five million dollars in a new vulnerability scanning infrastructure help us address our overall security strategy? These guys are starting to worry about financial performance now. They're the ones that you should have a P&L attention to that

work, they have someone like an expense budget that they've got to operate within, and so these are the guys that are going to have a lot of questions around the cost. They're the ones that start talking about things like return on investment, and we'll talk later about why that is a horrible term to use in the security space. Anybody who follows Bruce Schneier's blog has probably read a blog that he has where he talks about exactly that as well. oh what the other ones are going to ask these types of questions. They want to understand: I'm pouring this much money into this, you know once it was between. And these are the guys were not we can

talk about business efficiencies. They're interested. Yeah, managers like to hear that too, because they've got limited resources. That's where you start to get to the senior levels of management, that now that higher thought process of business efficiency across the board starts to come into play, and these some people we want to address those makes us our new minister. When we move up to our executives, now we're not wearing the C-suite, now we're talking to those EVPs and SVPs, it gets more high-level, less technical. You all know this. But now that strategy that we're talking about, it's no longer our security strategy; now they're talking about our business strategy. What are we doing? How does

security fit into our overall business strategy? sure you're gonna see so there. Hopefully nowadays we're getting more and more of those who may be worried about security, if not as many the CIO yeah see you also know about security, but they're always thinking about it in terms of a business context. I may keep our name out of the news, or things like that that you guys hear out there; that's what they're focused on. These are the guys who want to see innovative ideas. They want to see big ideas. If you're going to launch the new vulnerability platform, scanning platform, what does that give us in ways that we can do something new and innovative as a result? these we can't

worry about our market performance. How are we doing in this space? What are our competitors feeling? Are our competitors doing more vulnerability scanning? What are they investing in? Are they finding their vulnerabilities? Are we less secure than they are? Are we more likely to get hacked than they are? These are the guys asking questions. This is also where the buck stops when we talk about managing your risk. So, you know, in the security space, especially when we're talking to a bunch of hackers like me, risk, that word kind of makes a lot of us younger, because we start thinking about risk management and compliance and all these things. But those are important concepts that obviously we have an input into, and we

can use that to our advantage. These are the people who need to hear that message, because honestly, when all is said and done, they're the ones on the hook for it. And finally, it's the executive level where business growth becomes crucial. That's their job, to grow the business. They're not there to make sure the business is the most secure thing in the world. Yes, that's the CISO's role, I agree, but even with the CISO, the reason they exist is to enable that business to continue to grow. That's their job. So know that in the back of your head. This is what we call empathy, or emotional intelligence. It's understanding these people I'm

about to talk to, how these motivations income I didn't use that to manipulate their response. And then, frankly, when we get to the board of directors, these guys, if you've never sat in a board meeting before, it is a completely different experience than anything you've ever seen in any other business level. The way that these men and women think is actionpoint impressive. What they're thinking in terms of market innovation. They're not talking about human innovation within the organization; they want to see ideas that are going to change the market for that business. So if I'm in retail, what am I going to do that's going to take on Amazon and put me ahead of the pack and do something that no one's ever

done before? That's what the board of directors wants to hear. They want to be out there leading the market space with something so new and different, something that's gonna capture the eye of the media. They're also, of course, worried about the stock performance. we're small most of our questionnaire holders. More importantly, they read they're responsible to the shareholders. That's their job; that's why the board of directors is there, to make sure that business runs, and at the end of the day they're accountable to the shareholders to make sure the business is running ethically, that it's running sufficiently and successfully. Because of this, they're looking at long-term factors, long-term strategy, three, five, seven years out

sometimes. This is funny, because a lot of those board members won't be there for seven years, but yet that's what they're looking at, because that is what the shareholders are expecting them to have a plan for. So if I'm gonna go to a board of directors meeting and I'm gonna talk to them about security, I need to be thinking at that level as well. So I mentioned before, the idea of ROI does not exist in a security space, in my opinion, and I'm not alone in that. I mentioned Schneier before; he's got an epic blog about it. How many in here have ever heard of the idea of annualized loss expectancy? That's

actually not bad, that's a little less than 50%. That's good. I don't see that all the time in the security world. A lot of people, you don't hear this term levels of management, and that's a shame, because as security consultants or security professionals within an organization's do something we need to be aware of. Now, there's good and bad with this, right? So annualized loss expectancy is literally: how do I quantify the risk for the business? How do I put in terms of dollars and cents the risks that we face from security issues? Two components to this. The first one's kind of easy: it's the idea of single loss expectancy. So if I have one incident, how much money is that

gonna cost me? Now we can pull in a lot of factors here. Certainly there's a lot of information in the media today about the average cost of the breach. Okay, cool, I can work from that, I can start to pull it in. That's pretty simple. I can also look at the value that a particular business line has to my business, and I can start to pull numbers from there. I can look at the cost of cyber insurance, I can look at the cost of incident response retainers that we have, I can look at those raids and how long I expect. We can do a lot of analysis here. The fact is there's a lot of numbers to

work with, so single loss expectancy is pretty easy to put together. This is the one where we fall down: annual rate of occurrence, of how often are we going to get hacked. Try to put that in a number for a minute. How are you going to express that? How do you go before your board and say, this is how often we're going to get hacked? What if I install this new leaky box thing that, you know, Rapid7 or octave, you know, company du jour, says we need it's gonna this? Anybody out there really confident saying, yeah, our ARO is going to go from this to this if we install this new

device? Personally, we know better. The problem with this idea of ARO in particular is that it doesn't account for those heavy-duty, wide-scale, very innovative attacks that we see, and it doesn't cover for emerging threats. there's no way that we've found it so hard to pull those in. So while ALE, or annualized loss expectancy, is something we need to be aware of and be able to speak to, because you're going to get asked about it when you talk to executive levels of management for sure, don't rely on this, because it's incredibly, incredibly difficult to calculate anything that's going to be accurate at the end of the day. this way you hear a no that's my wildest guess. So let's do

better. If I'm going to pitch an idea for a security initiative, whether it's installing next-gen endpoint software, whether it's expanding the role of our penetration testing, we want to get into purple teaming, or we're going to do threat hunting, and I want to make that effective, how do I tie this back to the business? I need to speak in business terms if I'm going to motivate anyone beyond my management level. If I'm going to senior manager, which I probably am, because there's probably money that needs their approval, I might be going to executive levels with this. How do we tie into the business? Well, one good way to do it is we just start demonstrating

efficiency gains, cost savings. A great example I have, this is a customer I work with. By the way, I didn't mention, I work for CDW, so you might hear me mention that. I'll tell you more about that later. why customers EPW who came to us, they wanted to build a business case around installing next-gen endpoint software. I love that term, because of course everything is the next journey is based right with the next-gen software. Okay, you guys want endpoint security stock, right, get that. What is it, you know, we started digging into what their business problems were, and one of the big ones we saw know what we're talking with our IT department here: well,

let's look at how often you guys are rebuilding PCs and laptops because you're getting malware. Oh yeah, we're doing that quite a bit, we're spending, you know. they were actually evil amazing you name it the metrics around this, but they didn't connect that: holy crap, I could build a business case with that, because next-gen endpoint, in theory, should help me reduce that cause if it does a better job capturing, detecting malicious behaviors and malicious malware at 770. You guys get the idea. So that's an easy way to start to demonstrate to the business: now this isn't about security, or this is what I can save you money. Okay, so that's a good start.

the problem with this is a chemist it can get that illicit sometimes. It's hard to predict how much money it's really going to save. That example I told you about, that was probably their biggest challenge: okay, we know what you're doing now in terms of having to rebuild PCs, but what's that going to shrink to? Yeah, that's a hard thing to predict. So let's get a little bit better. How can we keep what we expected cost savings or some other factor that how's it going to allow us to tackle a wishlist? I know anybody who's worked with an IT department, you know there's always never wish list of things that's just not getting done, projects that we

know what we want to do that are sitting there in the queue. They're too expensive, we don't have enough people, whatever. I'll pick one of those off the list, and don't make it an IT project, make it a business project. Is there something out there, some new functionality we're trying to build, some new platform we want to launch, something like that, something that's been sitting there that we haven't been able to touch because we don't have the resources, we don't have the money, you don't have whatever? Tie that back to your security initiative. Now you've got senior levels of management who are interested in efficiencies looking at that: see, that's a really neat idea, we could actually do

that. I find the best money here, I'm going to get this thing along with it. Well, it's interesting, because I can start to perk up to hearing that message in there. I start the thing it may be used to be a revenue in that if I can launch that. So maybe I don't have a direct ROI, because we don't like that term in security, but maybe there's some revenue I can tie to this investment that I'm putting forth. The best power is when you can sit down and you can find a way that you're going to enable a new innovation or a new business model or a new revenue stream entirely by your security initiative. My favorite example

here is an organization I worked with a long time ago, that long ago, but they were responsible for, you know, our manager, so literally people who are working on, you know, patents and things like that would store that information with them, and they had all sorts of services wrapped around that, as you can imagine. Well, they were doing this move to cloud, because everybody loves the cloud, great. But the problem they had with it was they had one specific compliance requirement around how they stored specific IP data, and they simply the way it was and also we came down, I want to get into the specifics, but they came down to how they identify users and an

auditability. So they were afraid to move into the cloud, because, well, we're not going to have that visibility, we're not going to be able to control the users, we, you know, we don't have privileged access management in the cloud environment, so we're to keep that here. While they were trying to move forward some of those initiatives internally and having trouble building the business case. So all we did was we said, well, listen, let's talk about how we can leverage of any cloud access broker solution plus that and with what you're already proposing from MFA and from identity access management and the privileged access management piece that you're implementing internally. How can we tie all that together now that

we've got a CASB solution in your cloud and build that out? Not what you move that information, yeah, you could. Okay, you need to replace parts. Well, now if that's in the cloud, doesn't getting that into the cloud allow you to now create a new service by which people who are supposed to be able to access that highly protected information, and today have to go through a manual request process to receive, could now have a subscription service to be able to go out access to it themselves? Done. They built the business case, it went to the board, the board was excited, Coronado press release two weeks later that this was what they were going to do. That's impressive.

That's how you get the board to listen. That was innovative, it put them out there ahead of all their competitors. Nobody else in the marketplace would dare even touch that idea, because nobody else had talked through about it, but, you know, one thing you need to lose security perspective. Everybody assumed that these compliance requirements as they were subject to would prevent them from getting there. I said audience participation, I've got more, so it's your turn. Who's willing to throw out an idea as something you're trying to do at work right now, a security initiative? Let's talk it through, if you're willing. I don't want you exposing confidential information, obviously. We have an idea, some security initiative you want to do

in the next year? Another visibility, okay. So what are we proposing to get that better visibility? Okay, so basically you're trying to take that mess that is maybe SIEM today and be able to throw some intelligence around that. We've heard things, we've heard topics like SOAR and yada yada that are all going to make life 100% all right, fix all the problems, swamps gonna fix all your problems. So let's start with the good: how do you save money there? How is that security initiative gonna save money - is the easy one, perhaps muted techno Festa remediated. What else? What about the fact that, hey, I've got a bunch of people watching the screens today and I

can automate like half of what they're doing and enable them to do other work instead? This is Emma cross series, yeah, so that's certain thing about that goes turned. How can we talk about business enablement? Well, obviously, if I'm freeing up those people, they're gonna be able to do other projects, psychicness are better. Well, what can we do that might be innovative? Now that I have become at this new event management platform, I've got better visibility into security events, what can I do that would stand out, like that enable me to get into things? Maybe there's a play for, and obviously the parents, and I know this is tough because we don't know the business

right? Maybe there's a place, something we're looking to do with, I'm going to say that it's supposed to where you're gonna hit me, blockchain, right? We're afraid to use blockchain for this part of our business for whatever reason, or we're afraid to start accepting because of whatever reason. Maybe as we start to enable that, or more confidence in our automated visibility into things and we're doing that event management, maybe now I'm a little more gutsy and we start to do things that wake up the market and show that we're innovators. That's what we're talking about doing here. So the last piece of my talking about that I just wanted to touch on quickly is when we take this to

executives. When you go to executives are waiting for the poor, I mentioned the board meetings are like nothing you've ever done before. If you're going to go forward me, step one, you're not presenting. This is not a 30 minute PowerPoint you're gonna stand there, presents, when they're gonna clap at the end, then you answer questions. I tell most people want to coaching see so as you've got to be prepared, you get everything out of your mouth that you want to get up that's most important in about three minutes, because that's what you're going to get. Because the next thing that you need to be prepared for is the Kanye Wests in the room. You will

get interrupted the entire Tapani, and if you're not prepared for that, it's a frustrating experience, and you're gonna feel attacked, you're gonna feel brutalized. You need to be ready for that. And then finally, be ready for those questions they're going to ask them. That's how they're going to interrupt you, and they are going to ask you very good questions. At that level they're used to digging in quick, getting to the answers they need, and they're not waiting for anybody. So anticipate what they're going to ask you. Talk to your mentors, hopefully you have mentors above you in the organization you can talk to about, hey, what are they going to want to hear from me, and going in there ready to

answer their questions. That positive message is how you're going to be successful. So finally, I'm going to leave you with a quote: nobody can motivate themselves in positive direction by continually using negative words. That's what we've talked about here today. So my challenge to you is this. You're going to hear a lot of messages today. You're going to hear all pentesting tactics from Jordan. Think about what that means in terms of your business and how you would describe that to your higher-ups. You're going to hear about automating blue team activities. How do you sell that automation to your senior levels of management? Think about that today when you're hearing those messages. I mentioned mentoring before,

having a mentor, so think about that when you see the panel later that's going to go through that discussion. Where did you have that opportunity to further your career by finding mentors within your organization? Now, we're going to get all sorts of stuff into malware and a host discovery and IPv6, and again, think about how you're going to sell those activities when you've got to take that to your executive managers. Why is that so important? And then finally, we've got a number of presentations on cryptomining, cryptojacking. How do you explain to a business leader why that's important? Think about those today as you go through. Last thing, a couple references for you. I'll leave this up very quickly

if you want to get cellphones out, if you're interested. A couple of the articles that I use for this, one is that I told you about at the hospital, there's some other stuff in here on the neuroscience side. And then finally, I'd love to keep the discussion going, so please, by all means, feel free to reach out to me. Twitter is by far the easiest, my handle is up here, my website's up there, LinkedIn of course, I think we all kind of, if you want to find a job that's on, it's the easiest way. So with that, thank you all so very much, I appreciate it, enjoy the rest of the day. [Applause]