How To Lose Friends and Influence People (An Apology)

so yes that for those wondering that is me I guess I've always been around computers but I should be you know I should state that I have zero CBE's associated with my name I am NOT an elite hacks or I didn't grow up in a BBS but I deeply deeply care about the mission in the talent pool that comes here and I want to show a little bit of vulnerability for our collective benefit and I hope I don't mess it up but I really want to connect with everybody in this room in this year our 25th year coming to Vegas as a community we've been doing this for a quarter of a century and I think it's time to face

some tough choices I have made some choices my choices have had consequences but this talk isn't about me it's not even about the people I've upset it's about you and what you want for the next 25 years so part of the abstract is I am very worried about the point in history we find ourselves what we first started as a hobby for challenging curiosity kind of turned into our profession and when we weren't looking our profession is now turned into something critical to seven billion humans on this planet and one of the things we're trying to do is a small group of us have started going to the policy community and getting outside the echo chamber in trying to

translate our interests and our knowledge into public policy safety critical industries etc is that we are placing so much dependence on undependable things that we are opening ourselves to accidents and adversaries where any single mistake like I wanna cry or any single actor like Junaid Hussain can have a profound impact on our public safety our civil liberties our way of life now I have made a lot of enemies over the last four years since we started I in the cavalry it was surprising to me it was confounding to me I'm sure I've made a lot of mistakes but one of the things I've come to learn is what we say we're a community we're not a community we're a community of

communities and every single one as different motives so we try to oversimplify this by saying what drives white hats right I say there's protectors that want to make the world a safer place there's puzzlers that do this for challenging curiosity that's why most of us got into this in the first place there's prestige that do it for glory or recognition or for making a name for themselves on a particular topic there's profit and professionalism that do this to advance their career or their or their earning potential and there's protests that do it for or against some sort of ideological cause now most of you are not so simple that one of these is your motive for me I'm first and

foremost a protector I want to make the world a safer place and second I like hard hard problems so which of these are you and what drives you and why do you stay in this industry but anybody that tries to cast dispersions they're usually promoting what they care about on to you so I'm gonna give a very brief state of affairs as far as the public policy world goes you guys know this but we tend to summarize the things we've been promoting is wherever bits and bytes meet flesh and blood this is our cars or medical devices or hospitals our critical infrastructure and I'm just gonna remind some people some things we said four years ago when we launched I

in the cavalry right the idea was we know something really really bad is gonna happen first we know people will have to die the question was yes we'll figure this out eventually but can we be safer sooner if we work together with teammates outside the norm outside the echo chamber and outside the hacker community and and remote wishing during one of our first meetings she pointed out this particular historical event does anybody know what this is so this is a river on fire right is the Cuyahoga River if you've ever been in the Rock and Roll Hall of Fame that's exactly where that is this pollution was so bad in the highe hoga River it caught on

fire and stayed on fire like how bad do things have to get in cybersecurity before we have that tipping point says you know maybe we should stop polluting and maybe we should do something like the Clean Water Act maybe we should do something different but the sad story about this is it didn't catch on fire once this was a 22nd time it had caught on fire across a seven-year period before someone took a picture and put it in Time magazine and eventually you got the EPA and eventually got the Clean Water Act but some of those regulations actually overreached and backfired because you waited until there was a crisis moment so one of the ways you put

this is everyone says what's our big event that's gonna cause something to change and I don't think there's going to be one I think we're gonna have to have a series of very painful failures and eventually we'll get to an inflection point the problem is if we wait for this it could compromise our liberties it could increased surveillance it could hurt the economy it could criminalize this room's talent pool so when we talk about Cuyahoga Rivers on fire I'd like to suggest that last year in this room knows this this is just a thumbnail what we show other people how many of us knew the power grids could be hacked well now the public knows right this

isn't about what we know now the public knows how many of us knows you know you can use show tin to log in with fixed maintenance passwords on safety critical infrastructure like Electric Dam or I'm at water facility well now it's been done right and now the DOJ is unsealing documents that Iranian hackers have done this how many of us knew hospitals were vulnerable well Hollywood Presbyterian shut down patient care for a week people coming in ambulances bleeding had to go up the street in LA traffic to go to a different facility because they could not provide patient care and it wasn't even on purpose a single java flaw and a single device shut down patient care for

a week now when these attacks happen you know we like to think we'll just respond quickly but I think it's gonna be more like the Deepwater Horizon spill where it's gonna be on the news every single night and when you have a loss of life or a crisis of confidence in the public to trust hospitals they're going to react and they're going to legislate and they're going to regulate and if we haven't gotten there first to inject some clue we may not like what they do now one of those moments was the Mirai botnet and I thought hospitals were gonna scare the bejesus out of Congress people but it turned out it was actually Mirai because we can saying for years

that if we regulate IOT we might stifle innovation or hurt the economy and then with the Mirai botnet with this long tail of low cost low hygiene devices they saw that a failure to regulate IOT is gonna stifle innovation hurt the economy the internet was down for a Friday so that got the attention of the private sector and now there's serious discussion about regulating some form of minimum standards for IOT in fact as a rumor there's a bill coming this week while we're here on Io T so that tsunami of technical debt is gonna catch up with us and we're gonna get something the question is is it gonna make it better or is it gonna make it worse and then no

one talks about these but Mariah all they did was a DDoS there's a different watt net that's actually breaking the devices if you think of Mirai right now is $100 cameras what made it work there's three things that made Mirai work internet connection fix credentials and unpatch Abal now I just described most the multi-million dollar medical equipment in hospitals there's nothing stopping the next Mirai from being infusion pumps hooked up to human beings and if someone goes around breaking those people are gonna die and then just when I thought it couldn't get worse don't wanna cry attack without trying to took out 65 hospitals in the UK in a single day 65 hospitals so if one

Hospital loses patient care you send ambulances up the street when 20% of your national capacity of health delivery goes down people died we keep saying well no one's gonna fix anything until people died wanna cry killed people how do we know this we know that there's a New England Journal of Medicine study that shows on the day of the Boston Marathon on average your ambulance ride is three minutes and forty something seconds longer and the mortality rate because of three minutes extra in an ambulance had a statistically significant increase in death rate so if one hospitals routes can hurt patient care and survival rates what do you think 20% of the country's rate did and what really bothered me is

on day five of them dealing with their attack those ariana grande bombings happen in Manchester UK and if any extra people died because of diminished or delayed patient care because there was SMB exposed to the internet on a patchable vulnerability we've got to do better now we worked on a healthcare cypress tree task force for Congress because Congress is starting to ask these questions and yes they use the word cyber and a year into this thing we thought it was a lot worse than any of us expected so let me just summarize the graphic we have in the very first page we had about 13 things that scared the everliving bejesus out of us and they

should scare the bejesus out of you as well but the number one problem is we found about 85% of the hospitals in the u.s. don't have a single qualified security person not one there's no one there to do a patch there's no one to do segmentation isolation there's no one there to receive the alert from InfraGard or from the FBI there's nobody there most of our hospitals have 20 or fewer employees and 0 of those are going to be cyber security people number two they a real plague of legacy unsupported operating systems Windows XP is often a best-case this thing is not only past the end of life its successor Vista is past the end of life so we have much

harder order to defend things that affect one-sixth of our economy number three meaningful use requirements drove premature and hyper connectivity so everything's connected to everything else so the blast radius is one compromise of one device takes out a whole Hospital so these things are way over connected to each other and it's kind of our fault now we know from Hollywood Presbyterian and now from wanna cried that a single flaw in a single device can affect patient care it's not about a loss of data everyone talks about HIPAA I love my privacy I'd like to be alive to enjoy it and this is no longer about protecting our data is about protecting life-saving services and then lastly

Billy Rios and some others found that the average device had over a thousand sea bees in it so no one's at the hospital defending the network they're defending XP if they were trying their over connected to each other and reachable from the outside world a single flaw in a single device can take out a hospital and the average device gives you a thousand chances to do that there were fourteen hundred and forty six in one particular device this should bother everybody here and the talk is not meant to be a downer but this is the situation we find in twenty 17 and I made a lot of people angry saying this but at its face value is it

untrue you know can we side sort of promote to industry that there's no free lunch and if you really can't afford to add more security maybe we can't connect everything to everything else in fact when we launched the cavalry four years ago our problem statement was that as follows we said our dependence on connected technology is growing faster than our ability to secure it so when you're faced with that you can do two things you can make it more dependable which is really really hard or you can depend upon it less and right now we're choosing neither and it's adding to our exposure so four years ago here and I'm very grateful to Banshee into Jack and

the b-sides family they gave us a platform to try a crazy crazy experiment and launch I am the cavalry to try to do something different and this is not about that movement it's about what we encountered on the experiment and why I think more of you should try a similar one but the thing is I'm really scared we've had a lot of victories over the last four years but what we were saying might happen four years ago here in this room is actually happening the very things we've said we were concerned about are manifesting and some of the fixes for these are gonna take ten years from when we decide to start we don't have ten years anymore and again back to

the Cuyahoga River we've had several fires if we don't get our act together and decide who we want to be how we want to be how we're gonna interact with the outside world and make sure we're putting the right clue in front of the right policymakers we're gonna end up with a response that criminalizes what we do or makes it harder to actually help them or ends up hurting our business models so if you don't want to react to something that we need to sculpt it and shape it so then I ask you and this is the part that I've been dreading but we have to take a hard look at who we are we do some amazing

things and we have an amazing culture we also have some less-desirable anti-patterns that hold us back and I'm gonna name in shame not people but patterns that hurt us and make us less than we need to be raise your hand if you've got imposter syndrome come on more we make it really really hard for new voices or for humble voices to contribute in this industry and the reason I'm willing to do this and push through some of this is because not that I have infinite healing power but I really care about this so I know the b-sides sub-tribe really cares as well but here we go you kind of have to name your demons if you want to loosen

their grip over you so here are some of the demons that I guarantee you most of you encountered one or more of these and I'm hoping that we're not gonna attack the people or the sins like well I want to check the sins not the sinners I love most of the people in this tribe I've upset many of the people in this tribe and I'm about to potentially upset some more of them but this the intent is not to upset them the intent is to get the steuby our best so one of the forms of hate we way people don't necessarily want change is no matter what you do people would project into the rorschach

they witness cast their wants and needs and fears on to you so if somebody cares about prestige they assume that what we're doing is to be famous and if somebody cares about money they think that what we're doing is to enrich ourselves and everybody's got an opinion but usually the critique and the criticisms if you encounter them say more about the hater than the hated it doesn't mean that they're not right it doesn't mean we shouldn't listen to criticism but a lot of people project onto you what your actual motives are so there comes a point where you need to be secure in yourself but what are you doing why are you doing it and try to

push through that now this is an eye chart but this is the strength of argument pyramid they teach you in debate class or in logic but essentially the top of the pyramid is the stuff that actually is a strong counter-argument at the bottom it gets down to name-calling ad hominem attacking tone so what do I mean by that how times have you heard something said well so-and-so is not wrong but it shouldn't be them it should be somebody else somebody more elite or it's not what they said it's how they said it right have you ever heard that and my favorite is the ad hominem attack right I find that somebody's gonna use the strongest

argument they can against you and instead of fearing that now I've come to a point where if somebody's gonna attack the messenger instead of the message they really don't have a lot of leg to stand on but these things do hurt right you've seen the flame wars you've seen people tear people down you've seen the gas lighting then there comes the permission thing like if you dare get out outside of your swimlane and do something that you're not supposed to do you can get smacked around pretty hard like well so-and-so should be on that panel instead or I would prefer if this person did it or pick your favorite rock star right but we don't need to ask for

permission like who in nominated who created the approval board and the permission slips for who's allowed to contribute to something that they're concerned about so at some point you have to stop looking for permission and just do it and I think that experiment will last for years is we just decided to tough it out and do it Plus isn't it a lot more fun when you don't have permission we also have the tall poppy Pro problem anybody know this one so there's a group think problem that if anybody tries to pick their head up above the crowd they tend to get sniped and especially if you don't have permission especially if you're not elite especially if you're not a known

quantity if you try to stick your neck out you tends not to go very well and that's not isolated to the hacker community but how many times are we seeing this happen where we punish achievement there's a lesser-known one involving crabs apparently if a crab tries to escape a bucket its friends will make sure it fails and if it keeps trying to escape the bucket they will break its legs and if it persists further it'll kill the other crab so hopefully we can be less crabby some of these are more benign looking but I think they actually fuel other things so if you quote somebody you'll get screamed at for being a name-dropper but equally if you don't cite your priors

you'll be screamed at for being a plagiarist and for some reason one of the most disappointing patterns in this space if we never cite prior art if this started with this notion of everyone being called a name-dropper but we're never gonna advance our field if we don't acknowledge the prior work people did not because we have to kiss a brass ring but because we can add and stand on the shoulders of giants like Jax project right we want to take prior work and enhance it or augment it or move it further or take it into a new crowd so this notion of your name dropper if you cite other people might be contributing to some of our other more dangerous

effects but ultimately I got to the point where the mission was more important to us than the hate and we started realizing like this isn't just hurting us it's actually hurting the people who are getting mad why are they so animated and it comes to a piece hard-earned where it took me two years and I let people get to me for too long but ultimately spaced or grabbed my phone and made me download Taylor Swift right and I finally got healed around Derby Khan in the second year where I realize haters gonna hate they're not bad people some people just are afraid of change or maybe they're motivated differently and if your mission is important enough to you

you'll just persevere through it but the problem is I just talked about the easy patterns even after I got through people that I don't know giving us a hard time making fun of the mission you can brush that off but then I started pissing off people I care about and people that I've been friends with for a decade or more and it was really unintuitive but you know we've got some deep-seated patterns so back to those mode Nations everybody's automated to try to fix healthcare security some people are motivated on their topic or they're motivated on their business or they like things the way they are or they've worked hard to make it to the elite

class and they want to maintain that position or they like the walled garden that we have in cybersecurity and don't want us to escape the echo chamber talk to Congress or use the word cyber but for whatever their reasons their group they're really good people but we encountered some next order problems does anybody know this movie maybe not know this movie I think one of our less obvious patterns that we've held onto for 25 years is the Highlander fallacy that for a given topic you know there can be only one and we have to defend our turf on our topic and the thing is there's seven billion humans that are now increasingly exposed to hacks on

medical devices or transportation or public infrastructure one person cannot scale and if you want to own a topic I doubt that person wants to own the responsibility for all harm that happens during their watch now for 25 years this is what we did and this has been a feature of our culture and I think you can honor the accomplishments achievements and expertise of somebody without holding others down and the truth is we need 20 people on each of these topics we might need 50 people on each of these topics so we've got to push past the idea that there can be only one

[Applause] so I kept this section short because I didn't know if Ally was gonna get an a game theory but she and I need to talk more about game theory there's a a punnett square in game theory called the prisoner's dilemma where we're both arrested in depending on our individual choices we're gonna minimize our jail time or screw over our friend and whether we meant to or not I'd like to suggest the first 25 years of our culture has been more defined by the prisoner's dilemma than by an alternative there's another called the stag hunt which says if you go hunting on your own you might catch a rabbit and live to eat and serve and survive

another day and if I hunt on my own I might catch a rabbit but if we can put aside our competition and work together we might take down a stag and I hope that by naming some of these demons and patterns you can actually shift from competing with each other to building upon each other and this is not a platitude I'd like to say we've been doing this for the last four years anybody know who this guy is you've seen it a thousand times but you know who it is so this is Prometheus his sin was he stole fire and gave it to mortal man he empowered everybody now his punishment because our choices have consequences as

he was chained to a rock and had his gizzard eaten out by a eagle every single day only to heal back and get punished again so it's not the first time someone tried to change the status quo and met with resistance but I hope we can get past that and if you're wondering what the hell is Josh talking about does anybody recognize this picture I'll use a more pop culture reference so in the lore of Buffy the Vampire Slayer what was the the old legend to every generation there is born a Slayer right one but what did she do they just kept season after season fighting the big bad losing dying in a couple cases and and

ultimately she took the magic of the one Slayer and democratized and shared that power so there were many Slayers and to that I say it's about time so I'd like us to encourage sharing and encouragement and empowerment over elitism and to do that we have to know who our enemy is and here's a hint your enemy is not in this room your enemy is probably not in Vegas this week we have actual enemies and the number one enemy we have is time again four years ago we talked about this as a theory this year it's happening the u.s. got incredibly lucky with wanna cry it barely touched us we are the most connected and exposed

nation and it would have destroyed us and if you think we have a lot more time almost nobody patched the vulnerability that enabled want or cry so when Pesci anot Pesci is started circling around we're still exposed and our Luck's gonna run out you know they say what is it time is the fire in which we burn any moment or minute or hour we waste tolerating some of these anti patterns or if you're an imposter and you're afraid to make your contribution that's a minute we're losing to our actual adversaries and some of those are pretty frickin scary I'm shocked how few of you guys know about trick but you know we made fun of anonymous we said they were

a bunch of kids and they had no real skill well in team poison Junaid Hussain attacked Tony Blair's web site and went to jail so he wasn't super early hacker but he was talented enough to hack Tony Blair at some point after getting out of prison in UK he moved to Raqqa Syria and founded the cyber caliphate he was the number three most dangerous man in Isis when he met a drone strike to the face after DEFCON two years ago now he was not very talented but he was talented enough to use showdown or Metasploit or default passwords or hack Windows XP over SMB in every one of our hospitals so when I saw Hollywood

Presbyterian Hospital hacked a few months later I said thank God trick is dead but out of seven billion humans do you think they're all gonna be nice do you think there's nobody with the means mode of an opportunity to take life we're out of time so when we launched at Derby con we get our constitutional Congress and Brian Kieffer short he did a very small talk I think was five minutes long on maybe a path forward it was part of our experiment he said let's think about InfoSec as World of Warcraft you know you can start off as a a solo kill a bunch of boors in the wilderness maybe do some pick up groups if you want

to go in a dungeon you need at least five you know maybe a healer maybe a tank maybe a damage dealer and for the really hard stuff it takes a guild if you want to actually achieve the real intentions of the game and have fun and take down bigger game back to the stag hunts it doesn't take diversity it takes tons of diversity gatherers herbalists cloth makers tanks healers off healers it takes a guilt and that's how we decided to conduct ourselves and boy did it piss peace of some people off and yes occasionally we've had a leroy jenkins try to screw everything up and if Dungeons and Dragons or wool or Warcraft isn't your thing you know maybe each of

these heroes on their own wasn't enough to fight the bigger foe and if you're still one of the holdouts that actually likes DC here's your DC one right that's for Bob Rudess okay but I want to name some of my heroes and they there's obviously some elite hackers and some a-list rockstars that have had tremendous contributions to our space and really broken through barriers and done first-of-a-kind things and they absolutely deserve our respect and admiration but my heroes are a little different in this experiment when we tried to include people or empower people my heroes include Jen Ellis

Jen Ellis has probably done more to protect hacker rights to research than any human being on earth and I have seen people meet her four or five times and forget they ever met her she is the most humble committed passionate doer she generates ideas she helps us refine our messages she is the wind beneath so many people's wings never wants credit still think she has no business doing this and she has probably done more to terraform and prepare the outside world for everything you do well than any other person I can name my heroes include Bo Woods Bo Woods wasn't even at the cavalry launch he was talking on a different stage here at besides didn't

even hear it and in the speaker room hearing what the mission was he said I'm in Oh a year and a half ago quit his job to take less than half pay to move to DC to try to be a voice of reason and try to make sure that we were prepared as possible in the executive branch and legislative to try to be a clue an ambassador to try to make everything we care about come true he didn't do it to get famous he didn't do it to get rich he did it because his heart was committed to doing something important he doesn't have a bunch of CDs associated with the name he has a

psychology degree in a huge heart and I am eternally grateful to what Bo has done for this mission [Applause] my heroes are Audie hatch she was a nurse and a med tech in a hospital and new to cyber but I've learned so much about what hospital cybersecurity is actually gonna have to look at or Hellena a nurse from from yura who's telling me all the bright things to do so two nurses who still think that they have no business doing this stuff and I don't know how we would do the mission without them so thank you it's Colin Morgan who works for a medical device maker and not only is he putting his neck out within his own company to try

to be a leader in medical advice space but he's also challenging his peers in industry to do the same and he's taken a lot of risks and he's taking a lot of bruises but every risk he's taken his built trust and continue to let him lead through it in his organization so much so that I agree with his son who thinks he's a superhero and saves lives and Colin thank you for your partnership you know where's Klaus I'm not gonna name every single human being on earth sight unseen we had never met Klaus from Europe we bumped into each other at a random event in Amsterdam and Klaus is volunteerism is to ensure we catch and activate

volunteerism and he puts up with a lot of crap from us but he has made sure that we have a steady influx of people and we find a way to empower them and leverage their talents and skills even if they don't come from elite hacker circles so Thank You Klaus no my hero this is going to wrap up real soon but I also have heroes in government dr. Suzanne Schwartz of the FDA is doing things that should be impossible in a federal agency and she not only is she here at DEFCON for the third year but she's continuing to push the edges to help make sure that hackers are treated like a teammate instead of a threat she

put into regulation that she wants every single medical device maker to have a published coordinated vulnerability disclosure to work with white hats she is helping us contribute to the public good you're also gonna see Alan Friedman from Commerce Department at NTIA he's driving patching standards and coordinated Varma disclosure Pat best practices to terraform and get people ready for this where's Alan oh I just left all right all right and there's even a tech staffer from Congress here who's gonna show you guys what it looks like tomorrow to see a real congressional testimony in action and how the government's thinking about embracing and amplifying the domestic resource that is you Jessica Wilkerson so one of the things I want to say to

anybody who's ever wrestled with impostor syndrome this was hanging on my uncle's wall right you guys remember the Lion the Witch and the Wardrobe Aslan humility is not thinking less of yourself it's thinking of yourself less and because you in this room care about the mission you're not arrogant to own your skills you're contributing if you own your skills and I think that there's an apology in this talk and the apology is I'm sorry I let those patterns diminish me and more importantly I'm sorry I've let those patterns diminish you because if time is the enemy I should have spent more time empowering each of you and working with each of you and I'm not gonna make that mistake

anymore

[Applause] so the idea of working with people that are different than us and better than us is starting to take hold we tried to target three first-of-a-kind policies last year FDA post market guidance the NTIA coordinated disclosure best practices and then the Department of Transportation guidance for connected vehicles it turned out there were 11 we also worked with DHS on strategic principles for IOT there was a Presidential Commission on hansung national cyber security the Kimo where there was a congressional health care task force and members of this room when called upon created comments refined comments showed up at workshops tried to be that voice of reason and technical ambassador and look most of us don't

like public policy we think the government mostly screws stuff up but the bottom line is they're gonna act with or without us and we have a much better chance if we're at the table helping them so here's a few of them and we're not gonna go into them today well we are actually Jessica's gonna go through them in the cavalry track some of these policy updates but the one I think this room is most concerned about whether you knew this or not and one of the other MVPs I hope she's here is Andrea magician a law professor there are 18 parts of the federal government that have now enthusiastically in a two-year period endorsed the value of coordinated

vulnerability disclosure and this is thanks to the work of Katie Missouri's art minion andrea magician Jan Alice Craig Smith J Radcliffe anybody who testified tried to be that ambassador and put a happy face on this this includes the digital money and Copyright Act having an exemption that it is no longer illegal through October of next year to do white hat research acting in good faith on cars medical devices or consumer electronics we are turning the tide by looking at hackers as criminals and we're gonna go through some of those later today but I think one of the crowning achievements of this crazy experiment to push past elitism and look at inclusion we met two hackers

in the DEFCON lounge that were med students on our one-year anniversary Christian damn eff and Jeff Tully and these guys while in med school said you know what we should do we should take everything we know about the body and medical science and everything we know about hacking and we should do a real-life clinical hacking simulation and a few months ago in Arizona we did that my friends and family said what we guys do in Arizona and I said we killed three people but what we did is for the very first time using real science and real physicians that were unaware of what was going on we did three clinical hacks of three different device types in

a normal training simulation where they used professional actors and very expensive dummies and the hack devices which we're gonna show some raw video of later today included a hacked insulin pump that causes a car crash and instead of realizing it was an insulin overdose that caused the crash the delayed diagnosis allowed the patient to code the second one was a bedside in future pump instead of giving the dose that was meant to take three hours it gave three hours of medicine in one minute causing a cardiac arrest and these physicians had to react to something they had didn't understand and weren't trained for in fact the toxicologist that did that one actually figured out what was

going on but didn't realize the device was hacked so administered the antidote using the same compromised device but the really sexy scary one was a defibrillator pacemaker where every minute on the minute it was giving an electro shock to the actor and he was screaming in agony and none of the things they're trying to do like put a magnet on the chest to go to a factory default firmware safe mode didn't work and the thing about this and the way the heart works is if you're getting zapped every minute it's like Russian Roulette and every so often it'll cause a systole and the guy had codes and has a heart attack the patient died I think four

times while they were trying to figure out what to do which is the intersection of hacking actual hacking and actual science and ultimately they had to wheel in the dummy crack open the chest cut in have the blood ooze out and cut the lead wires while there's electroshocks of an active surgical field and just when the guy went to catch his breath he realized oh wait the pacemaker is necessary to keep this guy alive so they had to do external pacing but this very visceral thing told in a very non Fudd way through ABC is finally gonna scale and reach other hospitals that said you know I thought we'd be okay but we're not trained for this we have no idea what's

going on it's probably time we start working this into our differential diagnosis and the goal isn't to scare people away from connected medicine we have to push connected medicine modern medicine is way safer than anything else and even if we lose a single person a day to hacking that's fine for all the the lives were going to say it except for the fact that a crisis of confidence from these organizations or from the public is gonna postpone and scare that away so again I ask you as we close here who do we want to be what do we want to encourage do want to encourage helping people over there impostor syndrome or do we want to put them down because

they're not lead enough do we want to attract people to the industry just to scare them away again or do we want to find some way to make the best use of a nurse a congressperson a politician a lawyer a project manager every single one of you came from something else and we need the best of what you can do to be the best of what we can be and look I'm not asking you to join in with the cavalry safety mission there's privacy issues there's other issues is vas honor which I don't touch with a ten-foot pole there's a lot of issues that affect this community so my fight might not be your fight Martin Morgan Marquis Bois says

this but you have something you care about so what I want to do in closing is get beyond lead ISM it got us this far we have a lot of interesting characters and diversity in history I think what's going to get us to the next round is a shift to empowerment of everybody [Applause] so I'd like to paint a stark choice we can either hold on to this idea there can be only one in all the other patterns but for my sake I kind of want to kill a dragon it's gonna take trust empathy and a guild I hope you're part of that guild we can be safer sooner if we find the best in each of us and that

has to start today thank you [Applause]