(upbeat music) >> Welcome to this cube conversation. I'm Lisa Martin. I'm joined by Aamir Lakhani, the Lead Researcher and Cybersecurity Expert at FortiGuard Labs at Fortinet. Aamir, welcome back to theCube. >> Hey, it's always good to be back on. >> It is, even though we're still in this work from anywhere environment, and that's one of the things that I want to talk to you about. We're in this environment now, I've lost count, 16 months, 17 months? And we now have this distribution of folks working still from home, maybe some in the office, and a good portion that probably want to remain remote. And one of the things that, that you guys have seen in this time is this huge uptick and sophistication in phishing attacks. Talk to me about what's going on. >> You know, it's a funny thing you mention that, Lisa, every attack that I've seen in the last 16 months usually has a phishing component, and over the last, even just the last couple of weeks, we've seen some really sophisticated attacks, attacks that are against industrial control systems, against critical infrastructure, against large corporations, government entities, and almost every one of those attacks, whether it's a ransomware attack, whether it's a denial of service attack, usually has a phishing component. And the sad part is usually the initial attack vector, how attackers are getting into the network, a lot of times as the first step is through phishing. And, you know, it works, it's a method that has always worked. It works just as well today as it always did, so attackers are basically going back to the well and basically making their phishing attacks more complicated, and more sophisticated, and it's much more effective than it ever used to be. >> Tell me how they're making it more sophisticated because I know, I've seen interesting examples through Twitter, for example, of people that are very well-versed, you might even consider them cybersecurity experts, who've just almost fallen for a phishing email that looks so legitimate. How is it getting more sophisticated? >> Well, what attackers are doing is they're definitely playing on your emotions. They understand that there's a lot of things happening in the world, and sometimes we get a little emotion about it, whether it's, "Hey, how do you get the latest vaccine?" Maybe information, you know, around getting jobs, going back to work, LinkedIn, is a good example. A lot of people are looking for jobs. When the U.S. elections were happening, and there was a lot of phishing attacks around, political donations, and affiliations. They kind of kind of find these hot button items that they know people are really going to not think first about security, and really think like, "Hey, how do I respond back to this?" and really attack them that way. The other thing that we're seeing on how it's getting complicated is, it used to be like a phishing attack. You know, it used to be pretty simple, like click on a link. Now what they're doing is they're actually targeting organizations and what you do as a job. For example, I've seen a lot of phishing attacks against the HR, the human resource departments, and I feel sad for anyone in human resources because their job all day is to basically open files, and emails from strangers, and that's what attackers are doing. They're like, "Hey, I want to apply for a cybersecurity position. "And by the way, my resume is encrypted. "Please click on this link to see "my secure version of my resume". And when they do that, you know, HR person may be thinking, "Hey, this is a cybersecurity guy, like good. "He's actually sending me an encrypted link." In reality, when they click on that button, it's attacking their machine, and actually getting into their organization. The attacks are getting into the organization. So they're using more and more tricks to actually technically bypass some of the security tools you may have. >> So getting more sophisticated by preying on emotions, and also using technology, and things that an HR person, like you said, would think, "Great, this is the level of sophistication that this applicant has. How do they, how do organizations start reducing those attacks, that are falling victim to these attacks? >> Yeah, so I was thinking, at Fortinet we always mention, like at FortiGuard labs, that training and security awareness is some of the best ways you can protect against this attack. At Fortinet we have our training advancement agenda, that's out of Fortinet.com/training/taa. Basically what that does, well what we emphasize, what we preach, is that training is the key and education is the key, in helping protect against those attacks. And, you know, you can train anyone these days, at least some level of, you know, awareness. My mom used to call me up, and used to tell me like, "Hey, I got the IRS calling me, "should I answer these questions?" I was like, "No, absolutely not, like this is dangerous, "the IRS doesn't call you up and asking you "for your credit card number." I actually had my mum go for our level, one of our training, and she actually gets it. She's like, "Okay, I get why I shouldn't call the, you know, "answer the questions from the IRS now." So I say any type of training, to anyone you can give, and you can start it off like with people in high school, with people in elementary school, all the way up to professionals, I think it helps in all levels. >> So first of all, your mom sounds like my mom, and I need to get my mom to do this training, I really do. But one of the things that kind of highlights is the fact that there are five generations in the workforce. So there, and in every industry, there is a huge variety of people that understand technology, and know to be suspicious. And that's one of the things I think that's challenging for organizations, because if a lot of that responsibility falls on the person, the more sophisticated, the more personalized this phishing email is, the more likely I'm to think this is legitimate instead of questioning it. So that training that you're talking about, tell me a little bit more about that. You mentioned a variety of ages and generations, that folks as young as high school kids, and then folks in our parents' generation can also go on and learn how to navigate through basic emails, for example, to look for, to see what to look for. >> Yeah, it's not only emails. So attackers, like I said, they are getting sophisticated. We are seeing phishing attacks, not only through emails, but through applications, mobile applications. There's actually like some advanced phishing techniques now on smart speakers. When you ask your smart speaker, a certain skill like, "Hey, tell me my balance, "tell me what the weather is." There's like some phishing attacks there. So there's phishing attacks all across the board. Obviously, when we talk about phishing we're mostly talking about email attacks, but every generation kind of has their tools kind of has their, you know, techniques or apps that they're comfortable with. So, and we're trained, like a lot of my friends are trained to basically click on any app, download any app, allow, they don't really read the pop-ups that say like, "Do you want to share information?" They'll just start sharing information. People in the workforce, like sometimes that are not paying attention, they're just clicking on emails, and attackers realize this, most of the time when attacks happen, it's not when you're paying attention. It's like when we're on our Zoom calls, and we're actually like looking at our phones, looking at emails, multitasking, and that's when your attention kind of diverts a little bit, And that's when attackers are really jumping in, and really trying to take advantage of that situation. And that's, I think that's a good idea about the training is because it opens up your eyes to understand, hey, it's more about just emails, it's really about every way we can use technology, can be a vector on how we get attacked, and we have a couple of good examples on that as well. >> Let's talk about that, cause I want to see how easy it is for the bad actors to create phishing attacks. You were saying, it's not just email, it's through apps, it's through my smart speaker, which is one of the reasons I don't have one. But talk to me about how easy it is for them to actually set these up. >> Yeah, so we have, I think we have a demo we can show, an example that we can show, of what's going on. And what I'm showing here is basically how easy you can download proof of concept apps. Now, what I'm showing here is actually a defensive tool, it's for defenders, and people that want to test for security on testing, phishing, and how susceptible their organization may be to phishing. But you can see like attackers could do something very similar. This tool is called Black Eye. And what it does is allows me to create multiple different types of phishing websites. I can create a custom one, or I can use a template that's already created. Once I use this template, for example I'm using the LinkedIn template here, it's going to create a website for me. It already, this website, I can embed into a link if I was, if I was potentially a bad guy, I could hide it behind a link. I could potentially change the website to make it look more like LinkedIn. But when I go to the LinkedIn fake website, this phishing website, which is hosted, you'll see, it kind of looks like LinkedIn. It actually has that little security box, that little green box, because it generates a certificate as well. And when I go to the real LinkedIn website, yes, the real LinkedIn website does look a little different. It's using a more updated template, a more updated website, but most people aren't going to notice the difference between the real LinkedIn website, and here, where we have the fake LinkedIn website. And I'll just show you like, if I log in and I'm going to log in with a demo account, this is actually a honeypot demo account that we have, just to showcase this tool. But I'll log in here, and you'll see from our test box, as soon as we log in, and we go back to the attacker's point of view, he's captured the username, the password, but not only that he has the IP address, the ISP, the location of where the victim is coming from. So they have a lot of different types of information that they've captured. And this is just one simple way of doing the attack. Now, one thing to remember, I know I speak very fast, but at the same time, this is real time. I didn't like copy and paste anything, I just recorded this in real time, and replayed this. And this is how easy it is for an attacker to potentially start setting up a system where they can attack victims. >> That's remarkable, because I mean, I'm in LinkedIn every day, and I don't know, you talked about, we're all busy, multitasking, and things like that. I don't know that I would've, nothing that you showed caught my attention. So how would I know to, what would I know to look for as a user, as a potential victim? How do I look for something on that page to tell me "think twice about this? >> Yeah, it's getting much more difficult these days. I mean, one of the things that I do is I try and make sure I type in like the addresses, especially when I get links in emails, I try not to like, just click on the link directly. I try and look at what's behind that link, is it really going to the LinkedIn website, you know, I'll try and go ahead and type in it, type in the website in the web browser. But mostly I think the thing that we can do to all protect ourselves is like kind of slow down. One of the reasons I mentioned LinkedIn is not because LinkedIn is doing anything bad. They're actually taking a lot precautions on being secure. But you know, people, these days are very emotion, they're going back to work, they're maybe looking for new jobs, or they're trying to get back into the workforce after a pandemic. So there's a lot of people that are getting phishing attacks from attackers, and it's a really mean thing. They're taking once again, advantage of that emotion, like someone needs a job, so let me go ahead and send them a LinkedIn link, and this time they're just stealing their username and passwords. >> That's remarkable. I think another thing you can do, can you hover over the link, and if it looks suspicious, if it doesn't go to like linkedin.com, for example, in this case, that's one way, right, is to check out what that actual URL is. >> Yeah, absolutely, and that's a great way of doing that, so we definitely recommend that. Look at the, hover over the link, look over the links, type in the links directly if you can. And you can see like, you know, attackers are getting sophisticated.. We used to tell people, look for that green lock box, attackers can now generate that green lockbox, so you have to do a little more due diligence. Just keep your eyes a little sharper these days. >> Do you thing phishing is, and I know a lot of us understand what it is, but do you think it's as common ransomware was up? I think Derek told me 7X in the second half of calendar year, 2020, Is phishing becoming more of a household word like ransomware is? Or is that something that you think actually will help more organizations, and more people and more generations be just more aware of let me just take a step back, and check that this is legitimate. >> Yeah, so phishing, you have to remember is it's like the initial attack. So the demo that I just showed you, you could say the true attack was me possibly stealing the username and password, but a phishing would be the way that someone would get to get to that. Like by essentially mimicking the LinkedIn website, as I showed in the example. So ransomware is an attack, it's the main attack. Usually the attack that attackers are going for, but how they get into the system is usually through a phishing site. They'll usually try and phish your username and password to your corporate site, maybe your VPN services, or your remote desktop services. So phishing is usually in conjunction with another attack, and that's the scary part is attackers have a lot of attacks that you can choose from, but the attacks that they're normally normally conducting to get that initial access to your system is phishing. >> So besides training, which is obviously absolutely critical, how can organizations protect themselves against this threat landscape that I imagine is only going to continue to grow? >> Yeah, no, it's definitely going to continue to grow. And as I said, I really believe education is the best thing you can do. But on top of that, you know, just I would say, you know, cyber hygiene. The basic things that we always mention every time, it was like, make sure like your security products are up to date, make sure they're installed, make sure your patches are up to date, which is very difficult, but that does start helping things. Make sure you're using the latest version of your web browser. There's a lot of web browsers these days has some sort of anti-phishing type of tools in them as well, especially for websites. So they can kind of detect things. There's a once again, a lot of just even free plugins, security plugins, that are available, that kind of detect a lot of phishing sites as well. So there's a lot of things I think people can do to protect themselves from a technology standpoint. You know, with basic cyber hygiene, as well as security awareness. >> So you think this is really preventable, essentially. >> I don't think it's 100% preventable, because I think, you know, attackers are always going to take advantage of those times in our emotion when our emotions are heightened, and they're going to take advantage of just us sometimes like not paying as much attention to as we can. But I think you can definitely reduce that attack surface. The more we educate ourselves. >> Absolutely, tell me that training website again. >> Sure things, so it's basically Fortinet.com/training/taa. >> Excellent, and can you access different levels? Like if I literally point my mom to that website, can she access something that would be at her 75 year old brain level? >> Absolutely, so we have different levels out there. I would suggest that I go trying, everyone should try basically Level 1, NSC Level 1. That's our Security Institute. So that's really good awareness for everyone on all sorts of different levels. But we have training, geared towards specific individuals, and different age groups as well. >> Excellent, and it's one of those things that culturally is difficult I think for Americans, slow down, right? We don't do that, especially when people are still working from home, and probably now it's summertime, kids are out of school, things are a little bit more chaotic. That that best practice of an organization really keeping up with their cyber hygiene and us as individuals slowing down, checking something are really some of the best ways. Aamir, this is such an interesting topic. Thank you for showing us how easy it is to create phishing attacks, and what some of the things are that we as individuals, and companies can do to protect ourselves against it. >> Hey, no problem, glad to be here. >> For Aamir Lakhani, I'm Lisa Martin, you're watching this Cube conversation. (soft music)

>>covering the space and cybersecurity symposium 2020 hosted by Cal poly. Hold on. Welcome to this special presentation with Cal poly hosting the space and cybersecurity symposium, 2020 virtual, um, John for your host with the cube and Silicon angle here in our Palo Alto studios with our remote guests, we couldn't be there in person, but we're going to be here remotely. Got a great session and a panel for one hour topic preparing students for the jobs of today and tomorrow, but a great lineup. Bill Britain, Lieutenant Colonel from the us air force, retired vice president for information technology and CIO and the director of the California cyber security Institute for Cal poly bill. Thanks for joining us, dr. Amy Fisher, who's the Dean of the college of engineering at Cal poly and trunk fam professor and researcher at the U S air force Academy. Folks, thanks for joining me today. >>Our pleasure got a great, great panel. This is one of my favorite topics preparing students for the next generation, the jobs for today and tomorrow. We've got an hour. I'd love you guys to start with an opening statement, to kick things off a bill. We'll start with you. Well, I'm really pleased to be, to start on this. Um, as the director for the cybersecurity Institute and the CIO at Cal poly, it's really a fun, exciting job because as a Polytechnic technology, as such a forefront in what we're doing, and we've had a, a wonderful opportunity being 40 miles from Vandenberg air force base to really look at the nexus of space and cyber security. And if you add into that, uh, both commercial government and civil space and cybersecurity, this is an expanding wide open time for cyber and space. In that role that we have with the cyber security Institute, we partner with elements of the state and the university. >>And we try to really add value above our academic level, which is some of the highest in the nation and to really merge down and go a little lower and start younger. So we actually are running the week prior to this showing a cybersecurity competition for high schools or middle schools in the state of California, that competition this year is based on a scenario around hacking of a commercial satellite and the forensics of the payload that was hacked and the networks associated with it. This is going to be done using products like Wireshark autopsy and other tools that will give those high school students. What we hope is a huge desire to follow up and go into cyber and cyber space and space and follow that career path. And either come to Cal poly or some other institution that's going to let them really expand their horizons in cybersecurity and space for the future >>Of our nation. >>Bill, thanks for that intro, by the way, it's gonna give you props for an amazing team and job you guys are doing at Cal poly, that Dex hub and the efforts you guys are having with your challenge. Congratulations on that great work. Thank you >>Star team. It's absolutely amazing. You find that much talent in one location. And I think Amy is going to tell you she's got the same amount of talent in her staff. So it's, it's a great place to be. >>Amy flasher. You guys have a great organization down there, amazing curriculum, grazing people, great community, your opening statement. >>Hello everybody. It's really great to be a part of this panel on behalf of the Cal poly college of engineering here at Cal poly, we really take preparing students for the jobs of today and tomorrow completely seriously. And we claim that our students really graduate. So they're ready day one for their first real job, but that means that in getting them to that point, we have to help them get valuable and meaningful job experience before they graduate, but through our curriculum and through multiple internship or summer research opportunities. So we focus our curriculum on what we call a learn by doing philosophy. And this means that we have a combination of practical experience and learn by doing both in and out of the classroom. And we find that to be really critical for preparing students for the workforce here at Cal poly, we have more than 6,000 engineering students. >>We're one of the largest undergraduate engineering schools in the country. Um, and us news ranks us the eighth best undergraduate engineering program in the, in the country and the top ranked state school. We're really, really proud that we offer this impactful hands on engineering education that really exceeds that of virtually all private universities while reaching a wider audience of students. We offer 14 degree programs and really we're talking today about cyber and space. And I think most of those degree programs can really make an impact in the space and cybersecurity economy. And this includes not only things like Aero and cyber directly, but also electrical engineering, mechanical engineering, computer engineering, materials, engineering, even manufacturing, civil and biomedical engineering. As there's a lot of infrastructure needs that go into supporting launch capabilities. Our aerospace program graduates hundreds of aerospace engineers, and most of them are working right here in California. >>I'm with many of our corporate partners, including Northrop Grumman, Lockheed, Boeing, Raytheon space, X, Virgin, galactic JPL, and so many other places where we have Cal poly engineer's impacting the space economy. Our cybersecurity focus is found mainly in our computer science and software engineering programs. And it's really a rapidly growing interest among our students. Computer science is our most popular major and industry interest and partnerships are integrated into our curriculum. And we do that oftentimes through support from industry. So we have partnerships with Northrop Grumman for professorship and a cyber lab and from PG and E for critical infrastructure, cybersecurity lab, and professorship. And we think that industry partnerships like these are really critical to preparing students for the future as the field's evolving so quickly and making sure we adapt our facilities and our curriculum to stay in line with what we're seeing in industry is incredibly important. >>In our aerospace program, we have an educational partnership with the air force research labs. That's allowing us to install new high performance computing capabilities and a space environments lab. That's going to enhance our satellite design capabilities. And if we talk about satellite design, Cal poly is the founding home of the cube sat program, which pioneered small satellite capabilities. And we remain the worldwide leader in maintaining the cube set standard. And our student program has launched more cube sets than any other program. So here again, we have this learn by doing experience every year for dozens of aerospace, electrical, computer science, mechanical engineering students, and other student activities that we think are just as important include ethical hacking through our white hat club, Cal poly space systems, which does really, really big rocket launches and our support program for women in both of these fields like wish, which is women in software and hardware. >>Now, you know, really trying to bring in a wide variety of people into these fields is incredibly important and outreach and support to those demographics. Traditionally underrepresented in these fields is going to be really critical to future success. So by drawing on the lived experiences by people with different types of backgrounds, while we develop the type of culture and environment where all of us can get to the best solution. So in terms of bringing people into the field, we see that research shows, we need to reach kids when they're in late elementary and middle schools to really overcome that cultural bias that works against diversity in our fields. And you heard bill talking about the cyber cybersec, the California cybersecurity institutes a year late cyber challenge. There's a lot of other people who are working to bring in a wider variety of, uh, of people into the field, like girl Scouts, which has introduced dozens of new badges over the past few years, including a whole cybersecurity series of badges and a concert with Palo Alto networks. So we have our work cut out for us, but we know what we need to do. And if we're really committed to prep properly preparing the workforce for today and tomorrow, I think our future is going to be bright. I'm looking forward to our discussion today. >>Yeah, you got a flashy for great, great comment, opening statement and congratulations. You got the right formula down there, the right mindset, and you got a lot of talent and community as well. Thank thank you for that opening statement. Next step from Colorado Springs, trunk fam, who's a professor and researcher. The us air force Academy is doing a lot of research around the areas that are most important for the intersection of space and technology trunk. >>Good afternoon, first electric and Cal poli for the opportunity. And today I want to go briefly about cyber security in S application. Whenever we talk about cyber security, the impression is got yes, a new phew that is really highly complex involving a lot of technical area. But in reality, in my personal opinion, it is in be complex because involve many disciplines. The first thing we think about is computer engineering and computer networking, but it's also involving communication sociology, law practice. And this practice of cyber security goes in on the info computer expert, but it's also info everybody else who has a computing device that is connected to the internet. And this participation is obviously every body in today's environment. When we think about the internet, we know that is a good source of information, but come with the convenience of information that we can access. >>We are constantly faced in being from the internet. Some of them, we might be aware of some of them we might not be aware of. For example, when we search on the internet, a lot of time, our browser will be saved and gotten this site is not trusted. So we will be more careful. What about the sites that we trusted? We know getting those salad chicken sites, but they're not a hundred percent good at proof. What happened? It was all side, uh, attack by hacker. And then they will be a silent source that we might not be aware of. So in the reality, we need to be more practicing the, um, cyber security from our SIBO point of view and not from a technical point of view. When we talk about space application, we should know that all the hardware, a computer based tool by computer system and therefore the hardware and the software must go through some certification process so that they can be record that air with the flight. >>What the, when we know that in the certification process is focusing on the functionality of the hardware and software, but one aspect that is explicitly and implicitly required is the security of those components. And we know that those components have to be connected with the ground control station and be communication is through the air, through the layby or signal. So anybody who has access to those communication regular signal will be able to control the space system that we put up there. And we certainly do not want our system to be hijacked by a third party. >>I'm not going to aspect of cybersecurity is we try to design the space system in a very strong manner. So it's almost impossible to hack in, but what about some August week system that might be connected to so strong system? For example, the spare system will be connected to the ground control station and on the ground control station, we have the human controller in those people have cell phone. They are allowed to use cell phones for communication, but at the same time, they are connected to the internet, to the cell phone and their cell phone might be connected to the computer that control the flight software and hardware. So what I want to say is that we try to build strong system and we protected them, but there will be some weaker system that we could not intended, but exists to be connected to our strong system. And those are the points that hacker will be trying to attack. If we know how to control the access to those points, we will be having a much better system for the space system. And when we see the cybersecurity that is requiring the participation everywhere, it's important to Merck that there is a source of opportunity for students to engage the workforce. To concede the obviously student in engineering can focus their knowledge and expertise to provide technological solution, to protect the system that we view. But we also >>Have students in business who can focus to write a business plan to reach the market. We also have student in law who can focus policy governing the cyber security. And we also have student in education who can focus the expert. She should be saying how to teach cyber security practice and students can focus the effort to implement security measures and it implies job opportunity. >>Thank you trunk for those great comments, great technology opportunities, but interesting as well as the theme that we're seeing across the entire symposium and in the virtual hallways that we're hearing conversations and you pointed out some of them, dr. Fleischer did as well. And bill, you mentioned it. It's not one thing. It's not just technology, it's different skills. And, um, Amy, you mentioned that computer science is the hottest degree, but you have the hottest aerospace program in the world. I mean, so all of this is kind of balancing it's interdisciplinary. It's a structural change before we get into some of the, um, how they prepare the students. Can you guys talk about some of the structural changes that are modern now in preparing, um, in these opportunities because societal impact is a law potentially impact it's, it's how we educate there's no cross-discipline skillsets. It's not just get the degree, see out in the field bill, you want to start. >>Well, what's really fun about this job is, is that in the air force, uh, I worked in the space and missile business and what we saw was a heavy reliance on checklist format, security procedures, analog systems, and what we're seeing now in our world, both in the government and the commercial side, uh, is a move to a digital environment. And the digital environment is a very quick and adaptive environment. And it's going to require a digital understanding. Matter of fact, um, the, uh, under secretary of the air force for acquisition, uh, rev recently referenced the need to understand the digital environment and how that's affecting acquisition. So as, as both Amy, um, and trunk said, even business students are now in the >>Cybersecurity business. And, and so, again, what we're seeing is, is the change. Now, another phenomenon that we're seeing in the space world is there's just so much data. Uh, one of the ways that we addressed that in the past was to look at high performance computing. It was a lot stricter control over how that worked, but now what we're seeing these adaptation of cloud cloud technologies in space support, space, data, command, and control. Uh, and so what we see is a modern space engineer who asked to understand digital, has to understand cloud and has to understand the context of all those with a cyber environment. That's really changing the forefront of what is a space engineer, what is a digital engineer and what does a future engineer, both commercial or government? So I think the opportunity for all of these things is really good, particularly for a Polytechnic air force Academy and others that are focusing on a more, uh, widened experiential level of cloud and engineering and other capabilities. >>And I'll tell you the part that as the CIO, I have to remind everybody, all this stuff works for the it stuff. So you've got to understand how your it infrastructures are tied and working together. Um, as we noted earlier, one of the things is, is that these are all relays from point the point, and that architecture is part of your cybersecurity architecture. So again, every component has now become a cyber aware cyber knowledgeable, and in what we'd like to call as a cyber cognizant citizen, where they have to understand the context, patients chip software, that the Fleischer talk about your perspective, because you mentioned some of the things that computer science. Remember when I'm in the eighties, when I got my computer science degree, they call the software engineers, and then you became software developers. And then, so again, engineering is the theme. If you're engineering a system, there's now software involved, um, and there's also business engineering business models. So talk about some of your comments was, you mentioned, computer science is hot. You got the aerospace, you've got these multidisciplines you got definitely diversity as well. It brings more perspectives in as well. Your thoughts on these structural interdisciplinary things. >>I think this is, this is really key to making sure that students are prepared to work in the workforce is looking at the, the blurring between fields no longer are you just a computer scientist, no longer are you just an aerospace engineer? You really have to have an expertise where you can work with people across disciplines. All of these, all of these fields are just working with each other in ways we haven't seen before. And bill brought up data, you know, data science is something that's cross cutting across all of our fields. So we want engineers that have the disciplinary expertise so that they can go deep into these fields, but we want them to be able to communicate with each and to be able to communicate across disciplines and to be able to work in teams that are across disciplines. You can no longer just work with other computer scientists or just work with other aerospace engineers. >>There's no part of engineering that is siloed anymore. So that's how we're changing. You have to be able to work across those, those disciplines. And as you, as Tron pointed out, you know, ethics has to come into this. So you can no longer try to fully separate what we would traditionally have called the, the liberal arts and say, well, that's over there in general education. No ethics is an important part of what we're doing and how we integrate that into our curriculum. So it was communication. So is working on public policy and seeing where all of these different aspects tied together to make the impact that we want to have in the world. So it, you no longer can work solo in these fields. >>Great point. And bill also mentioned the cloud. One thing about the cloud that showed us as horizontal scalability has created a lot of value and certainly data is now horizontal Trung. You mentioned some of the things about cryptography for the kids out there. I mean, you can look at the pathway for career. You can do a lot of tech and, but you don't have to go deep. Sometimes you can go, you can go as deep as you want, but there's so much more there. Um, what technology do you see, how it's going to help students in your opinion? >>Well, I'm a professor in computer science, so I'd like to talk out a little bit about computer programming. Now we, uh, working in complex project. So most of the time we design a system from scratch. We view it from different components and the components that we have either we get it from or some time we get it from the internet in the open source environment, it's fun to get the source code and then work to our own application. So now when we are looking at a Logie, when we talk about encryption, for example, we can easily get the source code from the internet. And the question is, is safe to use those source code. And my, my, my question is maybe not. So I always encourage my students to learn how to write source score distribution, where that I learned a long time ago before I allow them to use the open source environment. And one of the things that they have to be careful, especially with encryption is be quote that might be hidden in the, in the source, get the download here, some of the source. >>So open source, it's a wonderful place to be, but it's also that we have to be aware of >>Great point before we get into some of the common one quick thing for each of you like to get your comments on, you know, the there's been a big movement on growth mindset, which has been a great, I'm a big believer in having a growth mindset and learning and all that good stuff. But now that when you talk about some of these things that we're mentioning about systems, there's, there's an, there's a new trend around a systems mindset, because if everything's now a system distributed systems, now you have space in cyber security, you have to understand the consequences of changes. And you mentioned some of that Trung in changes in the source code. Could you guys share your quick opinions on the, the idea of systems thinking, is that a mindset that people should be looking at? Because it used to be just one thing, Oh, you're a systems guy or galley. There you go. You're done. Now. It seems to be in social media and data. Everything seems to be systems. What's your take dr. Fleischer, we'll start with you. >>Uh, I'd say it's a, it's another way of looking at, um, not being just so deep in your discipline. You have to understand what the impact of the decisions that you're making have on a much broader, uh, system. And so I think it's important for all of our students to get some exposure to that systems level thinking and looking at the greater impact of the decision that they're making. Now, the issue is where do you set the systems boundary, right? And you can set the systems boundary very close in and concentrate on an aspect of a design, or you can continually move that system boundary out and see, where do you hit the intersections of engineering and science along with ethics and public policy and the greater society. And I think that's where some of the interesting work is going to be. And I think at least exposing students and letting them know that they're going to have to make some of these considerations as they move throughout their career is going to be vital as we move into the future. Bill. What's your thoughts? >>Um, I absolutely agree with Amy and I think there's a context here that reverse engineering, um, and forensics analysis and forensics engineering are becoming more critical than ever, uh, the ability to look at what you have designed in a system and then tear it apart and look at it for gaps and holes and problem sets, or when you're given some software that's already been pre developed, checking it to make sure it is, is really going to do what it says it's going to do. That forensics ability becomes more and more a skillset that also you need the verbal skills to explain what it is you're doing and what you found. So the communication side, the systems analysis, >>The forensics analysis side, >>These are all things that are part of that system >>Approach that I think you could spend hours on. And we still haven't really done great job on it. So it's a, it's. One of my fortes is the really the whole analysis side of forensics and it reverse engineering >>Try and real quick systems thinking. >>Well, I'd like to share with you my experience. When I worked in the space patient program at NASA, we had two different approaches. One is a down approach where we design it from the system general point of view, where we put components to complex system. But at the same time, we have the bottom up approach where we have Ken Chile who spent time and effort the individual component. And they have to be expert in those Chinese component. That might be general component the gallery. And in the space station program, we bring together the welcome up engineer, who designed everything in detail in the system manager who manage the system design from the top down. And we meet in the middle and took the idea with compromise a lot of differences. Then we can leave a display station that we are operating to be okay, >>Great insight. And that's the whole teamwork collaboration that, that was mentioning. Thanks so much for that insight. I wanted to get that out there because I know myself as a, as a parent, I'm always trying to think about what's best for my kids in their friends, as they grow up into the workforce. I know educators and leaders in industry would love to know some of the best practices around some of the structural changes. So thanks for that insight, but this topics about students and helping them prepare. Uh, so we heard, you know, be, be multiple discipline, broaden your horizons, think like systems top down, bottom up, work together as a team and follow the data. So I got to ask you guys, there's a huge amount of job openings in cybersecurity. It's well documented and certainly at the intersection of space and cyber, it's only gonna get bigger, right? You're going to see more and more demand for new types of jobs. How do we get high school and college students interested in security as a career at the flagship? We'll start with you in this one. >>I would say really one of the best ways to get students interested in the career is to show them the impact that it's going to have. There's definitely always going to be students who are going to want to do the technology for the technology sake, but that will limit you to a narrow set of students. And by showing that the greater impact that these types of careers are going to have on the types of problems that you're going to be able to solve and the impact you're going to be able to have on the world, around you, that's the word that we really need to get out. And a wide variety of students really respond to these messages. So I think it's really kind of reaching out at the, uh, the elementary, the middle school level, and really kind of getting this idea that you can make a big difference, a big positive difference in the field with some of these careers is going to be really critical. >>Real question, follow up. What do you think is the best entry point? You mentioned middle squad in here, elementary school. This comes, there's a lot of discussions around pipelining and we're going to get into women in tech and under-represented matters later, but you know, is it too early or what's the, what's your feeling on this? >>My feeling is the earlier we can normalize it the better the, uh, if you can normalize an interest in, in computers and technology and building an elementary school, that's absolutely critical. But the dropoff point that we're seeing is between what I would call like late elementary and early middle school. Um, and just kind of as an anecdote, I, for years ran an outreach program for girl Scouts in grades four and five and grade six, seven, and eight. And we had a hundred slots in each program. And every year the program would sell out for girls in grades four and five, and every year we'd have spots remaining in grades six, seven, and eight. And that's literally where the drop-off is occurring between that late elementary and that middle school range. So that's the area that we need to target to make sure we keep those young women involved and interested as we move forward. >>Bill, how are we going to get these kids interested in security? You mentioned a few programs you got. Yeah. I mean, who wants to, who wouldn't want to be a white hat hacker? I mean, yeah, that sounds exciting. Yeah. Great questions. Let's start with some basic principles though. Is let me ask you a question, John, a name for me, one white hat, good person hacker. The name who works in the space industry and is an exemplar for students to look up to, um, you, um, Oh man. I'm hearing really. I can't, I can't, I can't, I can't imagine because the answer we normally get is the cricket sound. So we don't have individuals we've identified in those areas for them to look up to. I was going to be snarky and say, most white hackers won't even use their real name, but, um, there's a, there's an aura around their anonymity here. >>So, so again, the real question is, is how do we get them engaged and keep them engaged? And that's what Amy was pointing out too. Exactly the engagement and sticking with it. So one of the things that we're trying to do through our competition on the state level and other elements is providing connections. We call them ambassadors. These are people in the business who can contact the students that are in the game or in that, uh, challenge environment and let them interact and let them talk about what they do and what they're doing in life would give them a challenging game format. Um, a lot of computer based training, um, capture the flag stuff is great, but if you can make it hands on, if you can make it a learn by doing experiment, if you can make it am personally involved and see the benefit as a result of doing that challenge and then talk to the people who do that on a daily basis, that's how you get them involved. >>The second part is as part of what we're doing is, is we're involving partnership companies in the development of the teams. So this year's competition that we're running has 82 teams from across the state of California, uh, of those 82 teams at six students team, middle school, high school, and many of those have company partners. And these are practitioners in cybersecurity who are working with those students to participate. It's it's that adult connectivity, it's that visualization. Um, so at the competition this year, um, we have the founder of Def con red flag is a participant to talk to the students. We have Vince surf as who is of course, very well known for something called the internet to participate. It's really getting the students to understand who's in this. Who can I look up to and how do I stay engaged with them? >>There's definitely a celebrity aspect of it. I will agree. I mean, the influencer aspect here with knowledge is key. Can you talk about, um, these ambassadors and, and, and how far along are you on that program? First of all, the challenge stuff is anything gamification wise. We've seen that with hackathons is just really works well. Grades, bonding, people who create together kinda get sticky and get very high community aspect to it. Talking about this ambassador thing. What does that industry is that academic >>Absolutely partners that we've identified? Um, some of which, and I won't hit all of them. So I'm sure I'll short changes, but, uh, Palo Alto, Cisco, um, Splunk, um, many of the companies in California and what we've done is identified, uh, schools, uh, to participate in the challenge that may not have a strong STEM program or have any cyber program. And the idea of the company is they look for their employees who are in those school districts to partner with the schools to help provide outreach. It could be as simple as a couple hours a week, or it's a team support captain or it's providing computers and other devices to use. Uh, and so again, it's really about a constant connectivity and, uh, trying to help where some schools may not have the staff or support units in an area to really provide them what they need for connectivity. What that does gives us an opportunity to not just focus on it once a year, but throughout the year. So for the competition, all the teams that are participating have been receiving, um, training and educational opportunities in the game of education side, since they signed up to participate. So there's a website, there's learning materials, there's materials provided by certain vendor companies like Wireshark and others. So it's a continuum of opportunity for the, >>You know, I've seen just the re randomly, just going to random thought, you know, robotics clubs are moving den closer into that middle school area, in fact Fleischer. And certainly in high schools, it's almost like a varsity sport. E-sports is another one. My son just combined made the JV at the college Dean, you know, it's big and it's up and serious. Right. And, um, it's fun. This is the aspect of fun. It's hands on. This is part of the culture down there you learn by doing, is there like a group? Is it like, um, is it like a club? I mean, how do you guys organize these bottoms up organically interest topics? >>So, so here in the college of engineering, uh, when we talk about learning by doing, we have learned by doing both in the classroom and out of the classroom. And if we look at the, these types of, out of the classroom activities, we have over 80 clubs working on all different aspects of many of these are bottom up. The students have decided what they want to work on and have organized themselves around that. And then they get the leadership opportunities. The more experienced students train in the less experienced students. And it continues to build from year after year after year with them even doing aspects of strategic planning from year to year for some of these competitions. So, yeah, it's an absolutely great experience. And we don't define for them how their learned by doing experiences should be, we want them to define it. And I think the really cool thing about that is they have the ownership and they have the interest and they can come up with new clubs year after year to see which direction they want to take it. And, you know, we will help support those clubs as old clubs fade out and new clubs come in >>Trunk real quick. Before we go on the next, uh, talk track, what, what do you recommend for, um, middle school, high school or even elementary? Um, a little bit of coding Minecraft. I mean, what, how do you get them hooked on the fun and the dopamine of, uh, technology and cybersecurity? What's your, what's your take on that? >>On, on this aspect, I like to share with you my experience as a junior high and high school student in Texas, the university of Texas in Austin organized a competition for every high school in Texas. If we phew from poetry to mathematics, to science, computer engineering, but it's not about with university of Texas. The university of Texas is on the serving SSN for the final competition that we divide the competition to be strict and then regional, and then spit at each level, we have local university and colleges volunteering to host it competition and make it fun. >>Also students with private enterprises to raise funding for scholarship. So students who see the competition they get exposed to so they can see different option. They also get a scholarship when they attend university in college. So I've seen the combination in competition aspect would be a good thing to be >>Got the engagement, the aspiration scholarship, you know, and you mentioned a volunteer. I think one of the things I'll observe is you guys are kind of hitting this as community. I mean, the story of Steve jobs and was, was building the Mac, they call it bill Hewlett up in Palo Alto. It was in the phone book and they scoured some parts from them. That's community. This is kind of what you're getting at. So this is kind of the formula we're seeing. So the next question I really want to get into is the women in technology, STEM, underrepresented minorities, how do we get them on cybersecurity career path? Is there a best practices there, bill, we'll start with you? >>Well, I think it's really interesting. First thing I want to add is if I could have just a clarification, what's really cool that the competition that we have and we're running, it's run by student from Cal poly. Uh, so, you know, Amy referenced the clubs and other activities. So many of the, uh, organizers and developers of the competition that we're running are the students, but not just from engineering. So we actually have theater and liberal arts majors and technology for liberal arts majors who are part of the competition. And we use their areas of expertise, set design, and other things, uh, visualization of virtualization. Those are all part of how we then teach and educate cyber in our game effication and other areas. So they're all involved in their learning as well. So we have our students teaching other students. So we're really excited about that. And I think that's part of what leads to a mentoring aspect of what we're providing, where our students are mentoring the other students. And I think it's also something that's really important in the game. Um, the first year we held the game, we had several all girl teams and it was really interesting because a, they, they didn't really know if they could compete. I mean, this is their, their reference point. We don't know if they did better than anybody. I mean, they, they knocked the ball out >>Of the park. The second part then is building that confidence level that they can going back and telling their cohorts that, Hey, it's not this thing you can't do. It's something real that you can compete and win. And so again, it's building that comradery, that spirit, that knowledge that they can succeed. And I think that goes a long way and an Amy's programs and the reach out and the reach out that Cal poly does to schools to develop. Uh, I think that's what it really is going to take. It. It is going to take that village approach to really increase diversity and inclusivity for the community. >>That's the flusher. I'd love to get your thoughts. You mentioned, um, your, your outreach program and the dropoff, some of those data, uh, you're deeply involved in this. You're passionate about it. What's your thoughts on this career path opportunity for STEM? >>Yeah, I think STEM is an incredible career path opportunity for so many people. There's so many interesting problems that we can solve, particularly in cyber and in space systems. And I think we have to meet the kids where they are and kind of show them, you know, what the exciting part is about it, right. But, you know, bill was, was alluding to this. And when he was talking about, you know, trying to name somebody that you can can point to. And I think having those visible people where you can see yourself in that is, is absolutely critical and those mentors and that mentorship program. So we use a lot of our students going out into California, middle schools and elementary schools. And you want to see somebody that's like you, somebody that came from your background and was able to do this. So a lot of times we have students from our national society of black engineers or a society of Hispanic professional engineers or our society of women engineers. >>We have over a thousand members, a thousand student members in our society of women engineers who were doing these outreach programs. But like I also said, it's hitting them at the lower levels too. And girl Scouts is actually distinguishing themselves as one of the leading STEM advocates in the country. And like I said, they developed all these cybersecurity badges, starting in kindergarten. There's a cybersecurity badge for kindergarten and first graders. And it goes all the way up through late high school, the same thing with space systems. And they did the space systems in partnership with NASA. They did the cybersecurity and partnership with Palo Alto networks. And what you do is you want to build these, these skills that the girls are developing. And like bill said, work in and girl led teams where they can do it. And if they're doing it from kindergarten on, it just becomes normal. And they never think, well, this is not for me. And they see the older girls who are doing it and they see a very clear path leading them into these careers. >>Yeah. It's interesting. You used the word normalization earlier. That's exactly what it is. It's life, you get life skills and a new kind of badge. Why wouldn't learn how to be a white, white hat hacker, or have fun or learn new skills just in, in the, in the grind of your fun day. Super exciting. Okay. Trung your thoughts on this. I mean, you have a diverse diversity. It brings perspective to the table in cybersecurity because you have to think like the other, the adversary, you got to be the white headed hippie, a white hat, unless you know how black hat thinks. So there's a lot of needs here for more, more, more points of view. How are we going to get people trained on this from under represented minorities and women? What's your thoughts? >>Well, as a member of, I took a professional society of directed pool in the electronic engineer. You have the, uh, we participate in the engineering week. We'll be ploy our members to local junior high school and high school to talk about our project, to promote the discovery of engineering. But at the same time, we also participate in the science fair that we scaled up flex. As the squad organizing our engineer will be mentoring students, number one, to help them with the part check, but number two, to help us identify talents so that we can recruit them further into the field of STEM. One of the participation that week was the competition of the, what they call future CV. We're still going, we'll be doing a CT on a computer simulation. And in recent year we promote ops smart CV where CT will be connected the individual houses to be added in through the internet. >>And we want to bring awareness of cybersecurity into competition. So we deploy engineer to supervise the people, the students who participate in the competition, we bring awareness, not in the technical be challenged level, but in what we've called the compound level. So speargun will be able to know what is, why to provide cyber security for the smart city that they are building. And at the same time, we were able to identify talent, especially talent in the minority and in the room. And so that we can recruit them more actively. And we also raise money for scholarship. We believe that scholarship is the best way to get students to continue education in Epic college level. So with scholarship, it's very easy to recruit them, to give you and then push them to go further into the cyber security Eylea. >>Yeah. I mean, you know, I see a lot of the parents like, Oh, my kid's going to go join the soccer team, >>Private lessons, and maybe look at a scholarship >>Someday. Well, they only do have scholarships anyway. I mean, this is if they spent that time doing other things, it's just, again, this is a new lifestyle, like the girl Scouts. And this is where I want to get into this whole silo breaking down because Amy, you brought this up and bill, you were talking about as well, you've got multiple stakeholders here with this event. You got, you know, public, you got private and you've got educators. It's the intersection of all of them. It's again, that those, if those silos break down the confluence of those three stakeholders have to work together. So let's, let's talk about that. Educators. You guys are educating young minds, you're interfacing with private institutions and now the public. What about educators? What can they do to make cyber better? Cause there's no real manual. I mean, it's not like this court is a body of work of how to educate cybersecurity is maybe it's more recent, it's cutting edge, best practices, but still it's an, it's an evolving playbook. What's your thoughts for educators, bill? We'll start with you. >>Well, I don't really, I'm going to turn it off. >>I would say, I would say as, as educators, it's really important for us to stay on top of how the field is evolving, right? So what we want to do is we want to promote these tight connections between educators and our faculty and, um, applied research in industry and with industry partnerships. And I think that's how we're going to make sure that we're educating students in the best way. And you're talking about that inner, that confluence of the three different areas. And I think you have to keep those communication lines open to make sure that the information on where the field is going and what we need to concentrate on is flowing down into our educational process. And that, that works in both ways that, you know, we can talk as educators and we can be telling industry what we're working on and what are types of skills our students have and working with them to get the opportunities for our students to work in industry and develop those skills along the way as well. >>And I think it's just all part of this is really looking at, at what's going to be happening and how do we get people talking to each other and the same thing with looking at public policy and bringing that into our education and into these real hands on experiences. And that's how you really cement this type of knowledge with students, not by not by talking to them and not by showing them, but letting them do it. It's this learn by doing and building the resiliency that it takes when you learn by doing. And sometimes you learn by failing, but you just up and you keep going. >>And these are important skills that you develop along the way >>You mentioned, um, um, sharing too. That's the key collaborating and sharing knowledge. It's an open, open world and everyone's collaborating feel private public partnerships. I mean, there's a real private companies. You mentioned Palo Alto networks and others. There's a real intersection there there's, they're motivated. They could, the scholarship opportunities, trunk points to that. What is the public private educator view there? How do companies get involved? What's the benefit for them? >>Well, that's what a lot of the universities are doing is to bring in as part of either their cyber centers or institutes, people who are really focused on developing and furthering those public private partnerships. That's really what my role is in all these things is to take us to a different level in those areas, uh, not to take away from the academic side, but to add additional opportunities for both sides. Remember in a public private partnership, all entities have to have some gain in the process. Now, what I think is really interesting is the timing on particularly this subject space and cyber security. This has been an absolute banner year for space. The Stanhope of space force, the launch of commercial partnership, leaving commercial platforms, delivering astronauts to the space station, recovering them and bringing back the ability of a commercial satellite platform to be launched a commercial platforms that not only launch, but return back to where they're launched from. >>These are things that are stirring the hearts of the American citizens, the kids, again, they're getting interested, they're seeing this and getting enthused. So we have to seize upon that and we have to find a way to connect that public private partnerships is the answer for that. It's not one segment that can handle it all. It's all of them combined together. If you look at space, space is going to be about commercial. It's going to be about civil moving from one side of the earth, to the other via space. And it's about government. And what's really cool for us. All those things are in our backyard. Yeah. That's where that public private comes together. The government's involved, the private sector is involved. The educators are involved and we're all looking at the same things and trying to figure out like this forum, what works best to go to the future. >>You know, if people are bored and they want to look for an exciting challenge, he couldn't have laid it out any clearer. It's the most exciting discipline. It hits everything. I mean, we just talk about space. GPS is everything we do is well tested. Do with satellites. >>I have to tell you a story on that, right? We have a very unique GPS story right in our backyard. So our sheriff is the son of the father of GPS for the air force. So you can't get better than that when it comes to being connected to all those platforms. So we, we really want to say, you know, this is so exciting for all of us because >>It gives everybody a job for a long time. >>You know, the kids that don't think tick toxic, exciting, wait til they see what's going on here with you guys, this program, trunk final word on this from the public side, you're at the air force. You're doing research. Are you guys opening it up? Are you integrating into the private and educational sectors? How do you see that formula playing out? And what's the best practice for students and preparing them? >>I think it's the same in athlete university CP in the engineering program will require our students to be final project before graduation. And in this kind of project, we send them out to work in the private industry. The private company got sponsor. Then they get the benefit of having an intern working for them and they get the benefit of reviewing the students as the prospective employee in the future. So it's good for the student to gain practical experience working in this program. Some, some kind of, we call that a core program, some kind, we call that a capstone program and the company will accept the students on a trial PRCS, giving them some assignment and then pay them a little bit of money. So it's good for the student to earn some extra money, to have some experience that they can put on their resume when they apply for the final of the job. >>So the collaboration between university and private sector is really important. We, when I joined a faculty, normally they already exist that connection. It came from. Normally it came from the Dean of engineering who would whine and dine with companies. We work relationship and sign up women, but it's approach to do a good performance so that we can be credibility to continue the relationship with those company and the students that we selected to send to those company. We have to make sure that they will represent the university. Well, they will go a good job and they will make a good impression. >>Thank you very much for great insight, trunk, bill, Amy, amazing topic. I'd like to end this session with each of you to make a statement on the importance of cybersecurity to space. We'll go Trung bill and Amy Truong, the importance of cybersecurity space statement. >>We know that it's affecting components that we are using and we are connecting to. And normally we use them for personal purpose. But when we connect to the important system that the government public company put into space, so it's really important to practice cyber security and a lot of time, it's very easy to know concept. We have to be careful, but in reality, we tend to forget to partnership the way we forget how to ride safely. And with driving a car, we have a program called defensive driving that requires every two or three years to get. We can get discount. >>We are providing the cyber security practice, not to tell people about the technology, but to remind them not practicing cybersecurity. And it's a requirement for every one of us, bill, the importance of cyber security to space. It's not just about young people. It's about all of us as we grow and we change as I referenced it, you know, we're changing from an analog world to a digital world. Those of us who have been in the business and have hair that looks like mine. We need to be just as cognizant about cybersecurity practice as the young people, we need to understand how it affects our lives and particularly in space, because we're going to be talking about people, moving people to space, moving payloads, data, transfer all of those things. And so there's a whole workforce that needs to be retrained or upskilled in cyber that's out there. So the opportunity is ever expensive for all of us, Amy, the importance of cybersecurity space, >>Uh, and the, the emphasis of cybersecurity is space. Just simply, can't be over emphasized. There are so many aspects that are going to have to be considered as systems get ever more complex. And as we pointed out, we're putting people's lives at stake here. This is incredibly, incredibly complicated and incredibly impactful, and actually really exciting the opportunities that are here for students and the workforce of the future to really make an enormous impact on the world around us. And I hope we're able to get that message out to students, to children >>Today. But these are my really interesting fields that you need to consider. >>Thank you very much. I'm John foray with the cube and the importance of cybersecurity and space is the future of the world's all going to happen in and around space with technology, people and society. Thank you to Cal poly. And thank you for watching the Cypress of computer security and space symposium 2020.

>> Announcer: From around the globe, it's The Cube, covering Space and Cybersecurity Symposium 2020, hosted by Cal Poly. >> Everyone, welcome to this special virtual conference, the Space and Cybersecurity Symposium 2020 put on by Cal Poly with support from The Cube. I'm John Furey, your host and master of ceremony's got a great topic today, and this session is really the intersection of space and cybersecurity. This topic, and this conversation is a cybersecurity workforce development through public and private partnerships. And we've got a great lineup, we've Jeff Armstrong is the president of California Polytechnic State University, also known as Cal Poly. Jeffrey, thanks for jumping on and Bong Gumahad. The second, Director of C4ISR Division, and he's joining us from the Office of the Under Secretary of Defense for the acquisition and sustainment of Department of Defense, DOD, and of course Steve Jacques is Executive Director, founder National Security Space Association, and managing partner at Velos. Gentlemen, thank you for joining me for this session, we've got an hour of conversation, thanks for coming on. >> Thank you. >> So we've got a virtual event here, we've got an hour to have a great conversation, I'd love for you guys to do an opening statement on how you see the development through public and private partnerships around cybersecurity and space, Jeff, we'll start with you. >> Well, thanks very much, John, it's great to be on with all of you. On behalf of Cal Poly, welcome everyone. Educating the workforce of tomorrow is our mission at Cal Poly, whether that means traditional undergraduates, masters students, or increasingly, mid-career professionals looking to upskill or re-skill. Our signature pedagogy is learn by doing, which means that our graduates arrive at employers, ready day one with practical skills and experience. We have long thought of ourselves as lucky to be on California's beautiful central coast, but in recent years, as we've developed closer relationships with Vandenberg Air Force Base, hopefully the future permanent headquarters of the United States Space Command with Vandenberg and other regional partners, We have discovered that our location is even more advantageous than we thought. We're just 50 miles away from Vandenberg, a little closer than UC Santa Barbara and the base represents the Southern border of what we have come to think of as the central coast region. Cal Poly and Vandenberg Air Force Base have partnered to support regional economic development, to encourage the development of a commercial space port, to advocate for the space command headquarters coming to Vandenberg and other ventures. These partnerships have been possible because both parties stand to benefit. Vandenberg, by securing new streams of revenue, workforce, and local supply chain and Cal Poly by helping to grow local jobs for graduates, internship opportunities for students and research and entrepreneurship opportunities for faculty and staff. Crucially, what's good for Vandenberg Air Force Base and for Cal Poly is also good for the central coast and the U.S., creating new head of household jobs, infrastructure, and opportunity. Our goal is that these new jobs bring more diversity and sustainability for the region. This regional economic development has taken on a life of its own, spawning a new nonprofit called REACH which coordinates development efforts from Vandenberg Air Force Base in the South to Camp Roberts in the North. Another factor that has facilitated our relationship with Vandenberg Air Force Base is that we have some of the same friends. For example, Northrop Grumman has as long been an important defense contractor and an important partner to Cal Poly, funding scholarships in facilities that have allowed us to stay current with technology in it to attract highly qualified students for whom Cal Poly's costs would otherwise be prohibitive. For almost 20 years, Northrop Grumman has funded scholarships for Cal Poly students. This year, they're funding 64 scholarships, some directly in our College of Engineering and most through our Cal Poly Scholars Program. Cal Poly scholars support both incoming freshmen and transfer students. These are especially important, 'cause it allows us to provide additional support and opportunities to a group of students who are mostly first generation, low income and underrepresented, and who otherwise might not choose to attend Cal Poly. They also allow us to recruit from partner high schools with large populations of underrepresented minority students, including the Fortune High School in Elk Grove, which we developed a deep and lasting connection. We know that the best work is done by balanced teams that include multiple and diverse perspectives. These scholarships help us achieve that goal and I'm sure you know Northrop Grumman was recently awarded a very large contract to modernize the U.S. ICBM armory with some of the work being done at Vandenberg Air Force Base, thus supporting the local economy and protecting... Protecting our efforts in space requires partnerships in the digital realm. Cal Poly has partnered with many private companies such as AWS. Our partnerships with Amazon Web Services has enabled us to train our students with next generation cloud engineering skills, in part, through our jointly created digital transformation hub. Another partnership example is among Cal Poly's California Cyber Security Institute College of Engineering and the California National Guard. This partnership is focused on preparing a cyber-ready workforce, by providing faculty and students with a hands on research and learning environment side by side with military law enforcement professionals and cyber experts. We also have a long standing partnership with PG&E most recently focused on workforce development and redevelopment. Many of our graduates do indeed go on to careers in aerospace and defense industry. As a rough approximation, more than 4,500 Cal Poly graduates list aerospace or defense as their employment sector on LinkedIn. And it's not just our engineers in computer sciences. When I was speaking to our fellow panelists not too long ago, speaking to Bong, we learned that Rachel Sims, one of our liberal arts majors is working in his office, so shout out to you, Rachel. And then finally, of course, some of our graduates soar to extraordinary heights, such as Commander Victor Glover, who will be heading to the International Space Station later this year. As I close, all of which is to say that we're deeply committed to workforce development and redevelopment, that we understand the value of public-private partnerships, and that we're eager to find new ways in which to benefit everyone from this further cooperation. So we're committed to the region, the state and the nation, in our past efforts in space, cyber security and links to our partners at, as I indicated, aerospace industry and governmental partners provides a unique position for us to move forward in the interface of space and cyber security. Thank you so much, John. >> President Armstrong, thank you very much for the comments and congratulations to Cal Poly for being on the forefront of innovation and really taking a unique, progressive view and want to tip a hat to you guys over there, thank you very much for those comments, appreciate it. Bong, Department of Defense. Exciting, you've got to defend the nation, space is global, your opening statement. >> Yes, sir, thanks John, appreciate that. Thank you everybody, I'm honored to be in this panel along with Preston Armstrong of Cal Poly and my longtime friend and colleague Steve Jacques of the National Security Space Association to discuss a very important topic of a cybersecurity workforce development as President Armstrong alluded to. I'll tell you, both of these organizations, Cal Poly and the NSSA have done and continue to do an exceptional job at finding talent, recruiting them and training current and future leaders and technical professionals that we vitally need for our nation's growing space programs, as well as our collective national security. Earlier today, during session three, I, along with my colleague, Chris Samson discussed space cyber security and how the space domain is changing the landscape of future conflicts. I discussed the rapid emergence of commercial space with the proliferation of hundreds, if not thousands of satellites, providing a variety of services including communications, allowing for global internet connectivity, as one example. Within DOD, we continued to look at how we can leverage this opportunity. I'll tell you, one of the enabling technologies, is the use of small satellites, which are inherently cheaper and perhaps more flexible than the traditional bigger systems that we have historically used and employed for DOD. Certainly not lost on me is the fact that Cal Poly pioneered CubeSats 28, 27 years ago, and they set a standard for the use of these systems today. So they saw the value and benefit gained way ahead of everybody else it seems. And Cal Poly's focus on training and education is commendable. I'm especially impressed by the efforts of another of Steven's colleague, the current CIO, Mr. Bill Britton, with his high energy push to attract the next generation of innovators. Earlier this year, I had planned on participating in this year's cyber innovation challenge in June, Oops, Cal Poly hosts California middle, and high school students, and challenge them with situations to test their cyber knowledge. I tell you, I wish I had that kind of opportunity when I was a kid, unfortunately, the pandemic changed the plan, but I truly look forward to future events such as these, to participate in. Now, I want to recognize my good friend, Steve Jacques, whom I've known for perhaps too long of a time here, over two decades or so, who was an acknowledged space expert and personally I've truly applaud him for having the foresight a few years back to form the National Security Space Association to help the entire space enterprise navigate through not only technology, but policy issues and challenges and paved the way for operationalizing space. Space, it certainly was fortifying domain, it's not a secret anymore, and while it is a unique area, it shares a lot of common traits with the other domains, such as land, air, and sea, obviously all are strategically important to the defense of the United States. In conflict, they will all be contested and therefore they all need to be defended. One domain alone will not win future conflicts, and in a joint operation, we must succeed in all. So defending space is critical, as critical as to defending our other operational domains. Funny, space is the only sanctuary available only to the government. Increasingly as I discussed in a previous session, commercial space is taking the lead in a lot of different areas, including R&D, the so-called new space. So cybersecurity threat is even more demanding and even more challenging. The U.S. considers and futhered access to and freedom to operate in space, vital to advancing security, economic prosperity and scientific knowledge of the country, thus making cyberspace an inseparable component of America's financial, social government and political life. We stood up US Space Force a year ago or so as the newest military service. Like the other services, its mission is to organize, train and equip space forces in order to protect U.S. and allied interest in space and to provide spacecape builders who joined force. Imagine combining that U.S. Space Force with the U.S. Cyber Command to unify the direction of the space and cyberspace operation, strengthen DOD capabilities and integrate and bolster a DOD cyber experience. Now, of course, to enable all of this requires a trained and professional cadre of cyber security experts, combining a good mix of policy, as well as a high technical skill set. Much like we're seeing in STEM, we need to attract more people to this growing field. Now, the DOD has recognized the importance to the cybersecurity workforce, and we have implemented policies to encourage its growth. Back in 2013, the Deputy Secretary of Defense signed a DOD Cyberspace Workforce Strategy, to create a comprehensive, well-equipped cyber security team to respond to national security concerns. Now, this strategy also created a program that encourages collaboration between the DOD and private sector employees. We call this the Cyber Information Technology Exchange program, or CITE that it's an exchange program, which is very interesting in which a private sector employee can naturally work for the DOD in a cyber security position that spans across multiple mission critical areas, important to the DOD. A key responsibility of the cyber security community is military leaders, unrelated threats, and the cyber security actions we need to have to defeat these threats. We talked about rapid acquisition, agile business processes and practices to speed up innovation, likewise, cyber security must keep up with this challenge. So cyber security needs to be right there with the challenges and changes, and this requires exceptional personnel. We need to attract talent, invest in the people now to grow a robust cybersecurity workforce for the future. I look forward to the panel discussion, John, thank you. >> Thank you so much, Bob for those comments and, you know, new challenges or new opportunities and new possibilities and freedom to operate in space is critical, thank you for those comments, looking forward to chatting further. Steve Jacques, Executive Director of NSSA, you're up, opening statement. >> Thank you, John and echoing Bongs, thanks to Cal Poly for pulling this important event together and frankly, for allowing the National Security Space Association be a part of it. Likewise, on behalf of the association, I'm delighted and honored to be on this panel of President Armstrong, along with my friend and colleague, Bong Gumahad. Something for you all to know about Bong, he spent the first 20 years of his career in the Air Force doing space programs. He then went into industry for several years and then came back into government to serve, very few people do that. So Bong, on behalf of the space community, we thank you for your lifelong devotion to service to our nation, we really appreciate that. And I also echo a Bong shout out to that guy, Bill Britton. who's been a long time co-conspirator of ours for a long time, and you're doing great work there in the cyber program at Cal Poly, Bill, keep it up. But Professor Armstrong, keep a close eye on him. (laughter) I would like to offer a little extra context to the great comments made by President Armstrong and Bong. And in our view, the timing of this conference really could not be any better. We all recently reflected again on that tragic 9/11 surprise attack on our homeland and it's an appropriate time we think to take pause. While a percentage of you in the audience here weren't even born or were babies then, for the most of us, it still feels like yesterday. And moreover, a tragedy like 9/11 has taught us a lot to include, to be more vigilant, always keep our collective eyes and ears open, to include those "eyes and ears from space," making sure nothing like this ever happens again. So this conference is a key aspect, protecting our nation requires we work in a cyber secure environment at all times. But you know, the fascinating thing about space systems is we can't see 'em. Now sure, we see space launches, man, there's nothing more invigorating than that. But after launch they become invisible, so what are they really doing up there? What are they doing to enable our quality of life in the United States and in the world? Well to illustrate, I'd like to paraphrase elements of an article in Forbes magazine, by Bongs and my good friend, Chuck Beames, Chuck is a space guy, actually had Bongs job a few years in the Pentagon. He's now Chairman and Chief Strategy Officer at York Space Systems and in his spare time, he's Chairman of the Small Satellites. Chuck speaks in words that everyone can understand, so I'd like to give you some of his words out of his article, paraphrase somewhat, so these are Chuck's words. "Let's talk about average Joe and plain Jane. "Before heading to the airport for a business trip "to New York city, Joe checks the weather forecast, "informed by NOAA's weather satellites, "to see what to pack for the trip. "He then calls an Uber, that space app everybody uses, "it matches riders with drivers via GPS, "to take him to the airport. "So Joe has launched in the airport, "unbeknownst to him, his organic lunch is made "with the help of precision farming "made possible to optimize the irrigation and fertilization "with remote spectral sensing coming from space and GPS. "On the plane, the pilot navigates around weather, "aided by GPS and NOAA's weather satellites "and Joe makes his meeting on time "to join his New York colleagues in a video call "with a key customer in Singapore, "made possible by telecommunication satellites. "En route to his next meeting, "Joe receives notice changing the location of the meeting "to the other side of town. "So he calmly tells Siri to adjust the destination "and his satellite-guided Google maps redirect him "to the new location. "That evening, Joe watches the news broadcast via satellite, "report details of meeting among world leaders, "discussing the developing crisis in Syria. "As it turns out various forms of "'remotely sensed information' collected from satellites "indicate that yet another banned chemical weapon "may have been used on its own people. "Before going to bed, Joe decides to call his parents "and congratulate them for their wedding anniversary "as they cruise across the Atlantic, "made possible again by communication satellites "and Joe's parents can enjoy the call "without even wondering how it happened. "The next morning back home, "Joe's wife, Jane is involved in a car accident. "Her vehicle skids off the road, she's knocked unconscious, "but because of her satellite equipped OnStar system, "the crash is detected immediately, "and first responders show up on the scene in time. "Joe receives the news, books an early trip home, "sends flowers to his wife "as he orders another Uber to the airport. "Over that 24 hours, "Joe and Jane used space system applications "for nearly every part of their day. "Imagine the consequences if at any point "they were somehow denied these services, "whether they be by natural causes or a foreign hostility. "In each of these satellite applications used in this case, "were initially developed for military purposes "and continued to be, but also have remarkable application "on our way of life, just many people just don't know that." So ladies and gentlemen, now you know, thanks to Chuck Beames. Well, the United States has a proud heritage of being the world's leading space-faring nation. Dating back to the Eisenhower and Kennedy years, today, we have mature and robust systems operating from space, providing overhead reconnaissance to "watch and listen," provide missile warning, communications, positioning, navigation, and timing from our GPS system, much of which you heard in Lieutenant General JT Thomson's earlier speech. These systems are not only integral to our national security, but also to our quality of life. As Chuck told us, we simply no longer can live without these systems as a nation and for that matter, as a world. But over the years, adversaries like China, Russia and other countries have come to realize the value of space systems and are aggressively playing catch up while also pursuing capabilities that will challenge our systems. As many of you know, in 2007, China demonstrated its ASAT system by actually shooting down one of its own satellites and has been aggressively developing counterspace systems to disrupt ours. So in a heavily congested space environment, our systems are now being contested like never before and will continue to be. Well, as a Bong mentioned, the United States have responded to these changing threats. In addition to adding ways to protect our system, the administration and the Congress recently created the United States Space Force and the operational United States Space Command, the latter of which you heard President Armstrong and other Californians hope is going to be located at Vandenberg Air Force Base. Combined with our intelligence community, today we have focused military and civilian leadership now in space, and that's a very, very good thing. Commensurately on the industry side, we did create the National Security Space Association, devoted solely to supporting the National Security Space Enterprise. We're based here in the DC area, but we have arms and legs across the country and we are loaded with extraordinary talent in scores of former government executives. So NSSA is joined at the hip with our government customers to serve and to support. We're busy with a multitude of activities underway, ranging from a number of thought-provoking policy papers, our recurring spacetime webcasts, supporting Congress's space power caucus, and other main serious efforts. Check us out at nssaspace.org. One of our strategic priorities and central to today's events is to actively promote and nurture the workforce development, just like Cal-Poly. We will work with our U.S. government customers, industry leaders, and academia to attract and recruit students to join the space world, whether in government or industry, and to assist in mentoring and training as their careers progress. On that point, we're delighted to be working with Cal Poly as we hopefully will undertake a new pilot program with them very soon. So students stay tuned, something I can tell you, space is really cool. While our nation's satellite systems are technical and complex, our nation's government and industry workforce is highly diverse, with a combination of engineers, physicists and mathematicians, but also with a large non-technical expertise as well. Think about how government gets these systems designed, manufactured, launching into orbit and operating. They do this via contracts with our aerospace industry, requiring talents across the board, from cost estimating, cost analysis, budgeting, procurement, legal, and many other support tasks that are integral to the mission. Many thousands of people work in the space workforce, tens of billions of dollars every year. This is really cool stuff and no matter what your education background, a great career to be part of. In summary, as Bong had mentioned as well, there's a great deal of exciting challenges ahead. We will see a new renaissance in space in the years ahead and in some cases it's already begun. Billionaires like Jeff Bezos, Elon Musk, Sir Richard Branson, are in the game, stimulating new ideas and business models. Other private investors and startup companies, space companies are now coming in from all angles. The exponential advancement of technology and micro electronics now allows a potential for a plethora of small sat systems to possibly replace older satellites, the size of a Greyhound bus. It's getting better by the day and central to this conference, cybersecurity is paramount to our nation's critical infrastructure in space. So once again, thanks very much and I look forward to the further conversation. >> Steve, thank you very much. Space is cool, it's relevant, but it's important as you pointed out in your awesome story about how it impacts our life every day so I really appreciate that great story I'm glad you took the time to share that. You forgot the part about the drone coming over in the crime scene and, you know, mapping it out for you, but we'll add that to the story later, great stuff. My first question is, let's get into the conversations, because I think this is super important. President Armstrong, I'd like you to talk about some of the points that was teased out by Bong and Steve. One in particular is the comment around how military research was important in developing all these capabilities, which is impacting all of our lives through that story. It was the military research that has enabled a generation and generation of value for consumers. This is kind of this workforce conversation, there are opportunities now with research and grants, and this is a funding of innovation that is highly accelerated, it's happening very quickly. Can you comment on how research and the partnerships to get that funding into the universities is critical? >> Yeah, I really appreciate that and appreciate the comments of my colleagues. And it really boils down to me to partnerships, public-private partnerships, you have mentioned Northrop Grumman, but we have partnerships with Lockheed Martin, Boeing, Raytheon, Space X, JPL, also member of an organization called Business Higher Education Forum, which brings together university presidents and CEOs of companies. There's been focused on cybersecurity and data science and I hope that we can spill into cybersecurity and space. But those partnerships in the past have really brought a lot forward. At Cal Poly, as mentioned, we've been involved with CubeSat, we've have some secure work, and we want to plan to do more of that in the future. Those partnerships are essential, not only for getting the R&D done, but also the students, the faculty, whether they're master's or undergraduate can be involved with that work, they get that real life experience, whether it's on campus or virtually now during COVID or at the location with the partner, whether it may be governmental or industry, and then they're even better equipped to hit the ground running. And of course we'd love to see more of our students graduate with clearance so that they could do some of that secure work as well. So these partnerships are absolutely critical and it's also in the context of trying to bring the best and the brightest in all demographics of California and the U.S. into this field, to really be successful. So these partnerships are essential and our goal is to grow them just like I know our other colleagues in the CSU and the UC are planning to do. >> You know, just as my age I've seen, I grew up in the eighties and in college and they're in that system's generation and the generation before me, they really kind of pioneered the space that spawned the computer revolution. I mean, you look at these key inflection points in our lives, they were really funded through these kinds of real deep research. Bong, talk about that because, you know, we're living in an age of cloud and Bezos was mentioned, Elon Musk, Sir Richard Branson, you got new ideas coming in from the outside, you have an accelerated clock now in terms of the innovation cycles and so you got to react differently, you guys have programs to go outside of the defense department, how important is this because the workforce that are in schools and/or folks re-skilling are out there and you've been on both sides of the table, so share your thoughts. >> No, thanks Johnny, thanks for the opportunity to respond to, and that's what, you know, you hit on the nose back in the 80's, R&D and space especially was dominated by government funding, contracts and so on, but things have changed as Steve pointed out, allow these commercial entities funded by billionaires are coming out of the woodwork, funding R&D so they're taking the lead, so what we can do within the DOD in government is truly take advantage of the work they've done. And since they're, you know, paving the way to new approaches and new way of doing things and I think we can certainly learn from that and leverage off of that, saves us money from an R&D standpoint, while benefiting from the product that they deliver. You know, within DOD, talking about workforce development, you know, we have prioritized and we have policies now to attract and retain the talent we need. I had the folks do some research and it looks like from a cybersecurity or workforce standpoint, a recent study done, I think last year in 2019, found that the cyber security workforce gap in U.S. is nearing half a million people, even though it is a growing industry. So the pipeline needs to be strengthened, getting people through, you know, starting young and through college, like Professor Armstrong indicated because we're going to need them to be in place, you know, in a period of about maybe a decade or so. On top of that, of course, is the continuing issue we have with the gap with STEM students. We can't afford not have expertise in place to support all the things we're doing within DoD, not only DoD but the commercial side as well, thank you. >> How's the gap get filled, I mean, this is, again, you've got cybersecurity, I mean, with space it's a whole other kind of surface area if you will, it's not really surface area, but it is an IOT device if you think about it, but it does have the same challenges, that's kind of current and progressive with cybersecurity. Where's the gap get filled, Steve or President Armstrong, I mean, how do you solve the problem and address this gap in the workforce? What are some solutions and what approaches do we need to put in place? >> Steve, go ahead., I'll follow up. >> Okay, thanks, I'll let you correct me. (laughter) It's a really good question, and the way I would approach it is to focus on it holistically and to acknowledge it upfront and it comes with our teaching, et cetera, across the board. And from an industry perspective, I mean, we see it, we've got to have secure systems in everything we do, and promoting this and getting students at early ages and mentoring them and throwing internships at them is so paramount to the whole cycle. And that's kind of, it really takes a focused attention and we continue to use the word focus from an NSSA perspective. We know the challenges that are out there. There are such talented people in the workforce, on the government side, but not nearly enough of them and likewise on the industry side, we could use more as well, but when you get down to it, you know, we can connect dots, you know, the aspects that Professor Armstrong talked about earlier to where you continue to work partnerships as much as you possibly can. We hope to be a part of that network, that ecosystem if you will, of taking common objectives and working together to kind of make these things happen and to bring the power, not just of one or two companies, but of our entire membership thereabout. >> President Armstrong-- >> Yeah, I would also add it again, it's back to the partnerships that I talked about earlier, one of our partners is high schools and schools Fortune, Margaret Fortune, who worked in a couple of administrations in California across party lines and education, their fifth graders all visit Cal Poly, and visit our learned-by-doing lab. And you've got to get students interested in STEM at an early age. We also need the partnerships, the scholarships, the financial aid, so the students can graduate with minimal to no debt to really hit the ground running and that's exacerbated and really stress now with this COVID induced recession. California supports higher education at a higher rate than most states in the nation, but that has brought this year for reasons all understand due to COVID. And so our partnerships, our creativity, and making sure that we help those that need the most help financially, that's really key because the gaps are huge. As my colleagues indicated, you know, half a million jobs and I need you to look at the students that are in the pipeline, we've got to enhance that. And the placement rates are amazing once the students get to a place like Cal Poly or some of our other amazing CSU and UC campuses, placement rates are like 94%. Many of our engineers, they have jobs lined up a year before they graduate. So it's just going to take a key partnerships working together and that continued partnership with government local, of course, our state, the CSU, and partners like we have here today, both Steve and Bong so partnerships is the thing. >> You know, that's a great point-- >> I could add, >> Okay go ahead. >> All right, you know, the collaboration with universities is one that we put on lot of emphasis here, and it may not be well known fact, but just an example of national security, the AUC is a national centers of academic excellence in cyber defense works with over 270 colleges and universities across the United States to educate and certify future cyber first responders as an example. So that's vibrant and healthy and something that we ought to take advantage of. >> Well, I got the brain trust here on this topic. I want to get your thoughts on this one point, 'cause I'd like to define, you know, what is a public-private partnership because the theme that's coming out of the symposium is the script has been flipped, it's a modern era, things are accelerated, you've got security, so you've got all of these things kind of happenning it's a modern approach and you're seeing a digital transformation play out all over the world in business and in the public sector. So what is a modern public-private partnership and what does it look like today because people are learning differently. COVID has pointed out, which is that we're seeing right now, how people, the progressions of knowledge and learning, truth, it's all changing. How do you guys view the modern version of public-private partnership and some examples and some proof points, can you guys share that? We'll start with you, Professor Armstrong. >> Yeah, as I indicated earlier, we've had, and I could give other examples, but Northrop Grumman, they helped us with a cyber lab many years ago that is maintained directly, the software, the connection outside it's its own unit so the students can learn to hack, they can learn to penetrate defenses and I know that that has already had some considerations of space, but that's a benefit to both parties. So a good public-private partnership has benefits to both entities and the common factor for universities with a lot of these partnerships is the talent. The talent that is needed, what we've been working on for years of, you know, the undergraduate or master's or PhD programs, but now it's also spilling into upskilling and reskilling, as jobs, you know, folks who are in jobs today that didn't exist two years, three years, five years ago, but it also spills into other aspects that can expand even more. We're very fortunate we have land, there's opportunities, we have ONE Tech project. We are expanding our tech park, I think we'll see opportunities for that and it'll be adjusted due to the virtual world that we're all learning more and more about it, which we were in before COVID. But I also think that that person to person is going to be important, I want to make sure that I'm driving across a bridge or that satellite's being launched by the engineer that's had at least some in person training to do that in that experience, especially as a first time freshman coming on campus, getting that experience, expanding it as an adult, and we're going to need those public-private partnerships in order to continue to fund those at a level that is at the excellence we need for these STEM and engineering fields. >> It's interesting people and technology can work together and these partnerships are the new way. Bongs too with reaction to the modern version of what a public successful private partnership looks like. >> If I could jump in John, I think, you know, historically DOD's had a high bar to overcome if you will, in terms of getting rapid... pulling in new companies, miss the fall if you will, and not rely heavily on the usual suspects, of vendors and the like, and I think the DOD has done a good job over the last couple of years of trying to reduce that burden and working with us, you know, the Air Force, I think they're pioneering this idea around pitch days, where companies come in, do a two-hour pitch and immediately notified of, you know, of an a award, without having to wait a long time to get feedback on the quality of the product and so on. So I think we're trying to do our best to strengthen that partnership with companies outside of the main group of people that we typically use. >> Steve, any reaction, any comment to add? >> Yeah, I would add a couple and these are very excellent thoughts. It's about taking a little gamble by coming out of your comfort zone, you know, the world that Bong and I, Bong lives in and I used to live in the past, has been quite structured. It's really about, we know what the threat is, we need to go fix it, we'll design as if as we go make it happen, we'll fly it. Life is so much more complicated than that and so it's really, to me, I mean, you take an example of the pitch days of Bong talks about, I think taking a gamble by attempting to just do a lot of pilot programs, work the trust factor between government folks and the industry folks and academia, because we are all in this together in a lot of ways. For example, I mean, we just sent a paper to the white house at their request about, you know, what would we do from a workforce development perspective and we hope to embellish on this over time once the initiative matures, but we have a piece of it for example, is a thing we call "clear for success," getting back to president Armstrong's comments so at a collegiate level, you know, high, high, high quality folks are in high demand. So why don't we put together a program that grabs kids in their underclass years, identifies folks that are interested in doing something like this, get them scholarships, have a job waiting for them that they're contracted for before they graduate, and when they graduate, they walk with an SCI clearance. We believe that can be done, so that's an example of ways in which public-private partnerships can happen to where you now have a talented kid ready to go on day one. We think those kinds of things can happen, it just gets back down to being focused on specific initiatives, giving them a chance and run as many pilot programs as you can, like pitch days. >> That's a great point, it's a good segue. Go ahead, President Armstrong. >> I just want to jump in and echo both the Bong and Steve's comments, but Steve that, you know, your point of, you know our graduates, we consider them ready day one, well they need to be ready day one and ready to go secure. We totally support that and love to follow up offline with you on that. That's exciting and needed, very much needed more of it, some of it's happening, but we certainly have been thinking a lot about that and making some plans. >> And that's a great example, a good segue. My next question is kind of re-imagining these workflows is kind of breaking down the old way and bringing in kind of the new way, accelerate all kinds of new things. There are creative ways to address this workforce issue and this is the next topic, how can we employ new creative solutions because let's face it, you know, it's not the days of get your engineering degree and go interview for a job and then get slotted in and get the intern, you know, the programs and you'd matriculate through the system. This is multiple disciplines, cybersecurity points at that. You could be smart in math and have a degree in anthropology and be one of the best cyber talents on the planet. So this is a new, new world, what are some creative approaches that's going to work for you? >> Alright, good job, one of the things, I think that's a challenge to us is, you know, somehow we got me working for, with the government, sexy right? You know, part of the challenge we have is attracting the right level of skill sets and personnel but, you know, we're competing, oftentimes, with the commercial side, the gaming industry as examples is a big deal. And those are the same talents we need to support a lot of the programs that we have in DOD. So somehow we have do a better job to Steve's point about making the work within DOD, within the government, something that they would be interested early on. So attract them early, you know, I could not talk about Cal Poly's challenge program that they were going to have in June inviting high school kids really excited about the whole idea of space and cyber security and so on. Those are some of the things that I think we have to do and continue to do over the course of the next several years. >> Awesome, any other creative approaches that you guys see working or might be an idea, or just to kind of stoke the ideation out there? Internships, obviously internships are known, but like, there's got to be new ways. >> Alright, I think you can take what Steve was talking about earlier, getting students in high school and aligning them sometimes at first internship, not just between the freshman and sophomore year, but before they enter Cal Poly per se and they're involved. So I think that's absolutely key, getting them involved in many other ways. We have an example of upskilling or work redevelopment here in the central coast, PG&E Diablo nuclear plant that is going to decommission in around 2024. And so we have a ongoing partnership to work and reposition those employees for the future. So that's, you know, engineering and beyond but think about that just in the manner that you were talking about. So the upskilling and reskilling, and I think that's where, you know, we were talking about that Purdue University, other California universities have been dealing with online programs before COVID, and now with COVID so many more Faculty were pushed into that area, there's going to be a much more going and talk about workforce development in upskilling and reskilling, the amount of training and education of our faculty across the country in virtual and delivery has been huge. So there's always a silver linings in the cloud. >> I want to get your guys' thoughts on one final question as we end the segment, and we've seen on the commercial side with cloud computing on these highly accelerated environments where, you know, SAS business model subscription, and that's on the business side, but one of the things that's clear in this trend is technology and people work together and technology augments the people components. So I'd love to get your thoughts as we look at a world now, we're living in COVID, and Cal Poly, you guys have remote learning right now, it's at the infancy, it's a whole new disruption, if you will, but also an opportunity enable new ways to encollaborate, So if you look at people and technology, can you guys share your view and vision on how communities can be developed, how these digital technologies and people can work together faster to get to the truth or make a discovery, hire, develop the workforce, these are opportunities, how do you guys view this new digital transformation? >> Well, I think there's huge opportunities and just what we're doing with this symposium, we're filming this on Monday and it's going to stream live and then the three of us, the four of us can participate and chat with participants while it's going on. That's amazing and I appreciate you, John, you bringing that to this symposium. I think there's more and more that we can do. From a Cal Poly perspective, with our pedagogy so, you know, linked to learn by doing in-person will always be important to us, but we see virtual, we see partnerships like this, can expand and enhance our ability and minimize the in-person time, decrease the time to degree, enhance graduation rate, eliminate opportunity gaps for students that don't have the same advantages. So I think the technological aspect of this is tremendous. Then on the upskilling and reskilling, where employees are all over, they can re be reached virtually, and then maybe they come to a location or really advanced technology allows them to get hands on virtually, or they come to that location and get it in a hybrid format. So I'm very excited about the future and what we can do, and it's going to be different with every university, with every partnership. It's one size does not fit all, There's so many possibilities, Bong, I can almost imagine that social network that has a verified, you know, secure clearance. I can jump in, and have a little cloak of secrecy and collaborate with the DOD possibly in the future. But these are the kind of crazy ideas that are needed, your thoughts on this whole digital transformation cross-pollination. >> I think technology is going to be revolutionary here, John, you know, we're focusing lately on what we call visual engineering to quicken the pace of the delivery capability to warfighter as an example, I think AI, Machine Language, all that's going to have a major play in how we operate in the future. We're embracing 5G technologies, and the ability for zero latency, more IOT, more automation of the supply chain, that sort of thing, I think the future ahead of us is very encouraging, I think it's going to do a lot for national defense, and certainly the security of the country. >> Steve, your final thoughts, space systems are systems, and they're connected to other systems that are connected to people, your thoughts on this digital transformation opportunity. >> Such a great question and such a fun, great challenge ahead of us. Echoing my colleagues sentiments, I would add to it, you know, a lot of this has, I think we should do some focusing on campaigning so that people can feel comfortable to include the Congress to do things a little bit differently. You know, we're not attuned to doing things fast, but the dramatic, you know, the way technology is just going like crazy right now, I think it ties back to, hoping to convince some of our senior leaders and what I call both sides of the Potomac river, that it's worth taking this gamble, we do need to take some of these things you know, in a very proactive way. And I'm very confident and excited and comfortable that this is going to be a great time ahead and all for the better. >> You know, I always think of myself when I talk about DC 'cause I'm not a lawyer and I'm not a political person, but I always say less lawyers, more techies than in Congress and Senate, so (laughter)I always get in trouble when I say that. Sorry, President Armstrong, go ahead. >> Yeah, no, just one other point and Steve's alluded to this and Bong did as well, I mean, we've got to be less risk averse in these partnerships, that doesn't mean reckless, but we have to be less risk averse. And also, as you talk about technology, I have to reflect on something that happened and you both talked a bit about Bill Britton and his impact on Cal Poly and what we're doing. But we were faced a few years ago of replacing traditional data, a data warehouse, data storage, data center and we partnered with AWS and thank goodness, we had that in progress and it enhanced our bandwidth on our campus before COVID hit, and with this partnership with the digital transformation hub, so there's a great example where we had that going. That's not something we could have started, "Oh COVID hit, let's flip that switch." And so we have to be proactive and we also have to not be risk-averse and do some things differently. That has really salvaged the experience for our students right now, as things are flowing well. We only have about 12% of our courses in person, those essential courses and I'm just grateful for those partnerships that I have talked about today. >> And it's a shining example of how being agile, continuous operations, these are themes that expand the space and the next workforce needs to be built. Gentlemen, thank you very much for sharing your insights, I know Bong, you're going to go into the defense side of space in your other sessions. Thank you gentlemen, for your time, for a great session, I appreciate it. >> Thank you. >> Thank you gentlemen. >> Thank you. >> Thank you. >> Thank you, thank you all. I'm John Furey with The Cube here in Palo Alto, California covering and hosting with Cal Poly, the Space and Cybersecurity Symposium 2020, thanks for watching. (bright atmospheric music)

>> Narrator: Live, from Washington DC, it's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in our nation's capital. I'm your host, Rebecca Knight. Co-hosting along side John Furrier. We are joined by Jamil Jaffer, he is the VP Strategy and Partnerships at IronNet. Thanks so much for coming on theCUBE. >> Thanks for having me Rebecca. >> Rebecca: I know you've been watching us for a long time so here you are, soon to be a CUBE alumn. >> I've always wanted to be in theCUBE, it's like being in the octagon but for computer journalists. (laughing) I'm pumped about it. >> I love it. Okay, why don't you start by telling our viewers a little bit about IronNet and about what you do there. >> Sure, so IronNet was started about 4 1/2 years ago, 5 years ago, by General Kieth Alexander, the former director of the NSA and founding commander of US Cyber command. And essentially what we do is, we do network traffic analytics and collective defense. Now I think a lot of people know what network traffic analytics are, you're looking for behavioral anomalies and network traffic, trying to identify the bad from the good. Getting past all the false positives, all the big data. What's really cool about what we do is collective defense. It's this idea that one company standing alone can't defend itself, it's got to work with multiple companies, it's got to work across industry sectors. Potentially even with the governments, and potentially across allied governments, really defending one another. And the way that works, the way we think about that, is we share all the anomalies we see across multiple companies to identify threat trends and correlations amongst that data, so you can find things before they happen to you. And so the really cool idea here is, that something may not happen to you, but it may happen to your colleague, you find about it, you're defended against it. And it takes a real commitment by our partners, our companies that we work with, to do this, but increasingly they're realizing the threat is so large, they have no choice but to work together, and we provide that platform that allows that to happen. >> And the premise is that sharing the data gives more observational space to have insights into that offense, correct? >> That's exactly right. It's as though, it's almost like you think about an air traffic control picture, or a radar picture, right? The idea being that if you want to know what's happening in the air space, you got to see all of it in real time at machine speed, and that allows you to get ahead of the threats rather than being reactive and talking about instant response, we're talking about getting ahead of the problems before they happen so you can stop them and prevent the damage ahead of time. >> So you're an expert, they're lucky to have you. Talk about what you've been doing before this. Obviously a lot of experience in security. Talk about some about some of the things you've done in the past. >> So I have to admit to being a recovering lawyer, but you have to forgive me because I did grow up with computers. I had a Tandy TRS-80 Color computer when I first started. 4K of all more RAM, we upgraded to 16K, it was the talk of the rainbow computer club, what are you doing, 16K of RAM? (laughing) I mean, it was-- >> Basic programming language, >> That's right. (laughing) Stored on cassette tapes. I remember when you used to have to punch a hole in the other side of a 5 1/4 floppy disc to make it double sided. >> Right, right. >> John: Glory days. >> Yeah, yeah. I paid my way through college running a network cable, but I'm a recovering lawyer, and so my job in the government, I worked at the House Intelligence Committee, the Senate Foreign Relations Committee and then the Bush administration on the Comprehensive National Cybersecurity Initiative, both the Justice Department and the White House. >> You've seen the arc, you've seen the trajectory, the progress we're making now seems to me slower than it should be, obviously a lot of inertia as Amy Chasity said today about these public sector government agencies, what not. But a real focus has been on it, we've been seeing activity. Where are we with the state of the union around the modernization of cyber and awareness to what's happening? How critical are people taking this threat seriously? >> Well I think I variety of things to say on that front. First, the government itself needs modernize its systems, right? We've seen that talked about in the Obama administration, we've seen President Trump put out an executive order on modernization of federal infrastructure. The need to move to the cloud, the need to move to shared services, make them more defensible, more resilient long-term. That's the right move. We've seen efforts at the Department of Defense and elsewhere. They aren't going as fast as the need to, more needs to happen on that front. IT modernization can really be accelerated by shifting to the cloud, and that's part of why that one of the things that IronNet's done really aggressively is make a move into the cloud space, putting all of our back end in the cloud and AWS. And also, ability, capability to do surveillance and monitoring. When I say surveillance I mean network threat detection not surveillance of the old kind. But network threat detection in the cloud, and in cloud-enabled instances too. So both are important, right? Classic data centers, but also in modern cloud infrastructure. >> Yeah, one of the things people want to know about is what your enemy looks like, and now with the democratization with open source, and democratization of tools, the enemies could be hiding through obscure groups. The states, the bad actors and the state actors can actually run covert activities through other groups, so this is kind of a dynamic that creates confusion. >> No, in fact, it's their actual mode of operating, right? It's exactly what they do, they use proxies, right? So you'll see the Russians operating, looking like a criminal hacker group operating out of the eastern Europe. In part because a lot of those Russian criminal rings, in actuality. You see a lot of patriotic hackers, right? I would tell most people, if you see a patriotic hacker there's probably a government behind that whole operation. And so the question becomes, how do you confront that threat, right? A lot of people say deterrence doesn't work in cyberspace. I don't believe that. I think deterrence can and does work in cyberspace, we just don't practice it. We don't talk about our capabilities, we don't talk our red lines, we don't talk about what'll happen if you cross our red lines, and when we do establish red lines and they're crossed, we don't really enforce them. So it's no surprise that our enemies, or advisories, are hitting us in cyberspace, are testing our boundaries. It's cause we haven't really give them a sense of where those lines are and what we're going to do if they cross them. >> Are we making an progress on doing anything here? What's the state of the market there? >> Well the government appears to have gotten more aggressive, right? We've seen efforts in congress to give the Department of Defense and the US Intelligence Committee more authorities. You can see the stand up of US Cyber Command. And we've seen more of a public discussion of these issues, right? So that's happening. Now, is it working? That's a harder question to know. But the real hard question is, what do you do on private sector defense? Because our tradition has been, in this country, that if it's a nation-state threat, the government defends you against it. We don't expect Target or Walmart or Amazon to have service to air missiles on the roof of your buildings to defend against Russian Bear bombers. We expect the government to do that. But in cyberspace, the idea's flipped on its head. We expect Amazon and every company in America, from a mom and pop shop, all the way up to the big players, to defend themselves against script kiddies, criminal hacker gangs, and nation-states. >> John: And randomware's been taking down cities, Baltimore, recent example, >> Exactly. >> John: multiple times. Hit that well many times. >> That's right, that's right. >> Talk about where the US compares. I mean, here as you said, the US, we are starting to have these conversations, there's more of an awareness of these cyber threats. But modernization has been slow, it does not quite have the momentum. How do we rate with other countries? >> Well I think in a lot of ways we have the best capabilities when it comes to identifying threats, identifying the adversary, the enemy, and taking action to respond, right? If we're not the top one, we're in the top two or three, right? And the question, though, becomes one of, how do you work with industry to help industry become that good? Now our industry is at the top of that game also, but when you're talking about a nation-state, which has virtually unlimited resources, virtually unlimited man-power to throw at a problem, it's not realistic to expect a single company to defend itself, and at the same time, we as a nation are prepared to say, "Oh, the Department of Defense should be sitting on "the boundaries of the US internet." As if you could identify them even, right? And we don't want that. So the question becomes, how does the government empower the private sector to do better defense for itself? What can the government do working with industry, and how can industry work with one another, to defend each other? We really got to do collective defense, not because it makes sense, which it does, but because there is no other option if you're going to confront nation-state or nation-state enabled actors. And that's another threat, we've seen the leakage of nation-state capabilities out to a lot broader of an audience now. That's a problem, even though that may be 2013 called and wants it's hack back, those things still work, right? What we saw in Baltimore was stuff that has been known for a long time. Microsoft has released patches long ago for that, and yet, still vulnerable. >> And the evolution of just cyber essential command, and Cyber Command, seems to be going slow, at least from my frame. Maybe I'm not in the know, but what is the imperative? I mean, there's a lot of problems to solve. How does the public sector, how does the government, solve these problems? Is cloud the answer? What are some of the things that people of this, the top minds, discussing? >> Well and I think cloud is clearly one part of the solution, right? There's no question that when you move to a cloud infrastructure, you have sort of a more bounded perimeter, right? And that provides that ability to also rapidly update, you could update systems in real time, and in mass. There's not going around and bringing your floppy disc and loading software, and it sounds like that's sort of a joke about an older era, but you look at what happened with NotPetya and you read this great Wired article about what happened with NotPetya, and you look at Maersk. And the way that Maersk brought its systems back up, was they had domain controller in Africa that had gone down due to a power surge, where they were able to recover the physical hard drive and re-image all their world-wide domain controls off of that one hard drive. You think about a major company that runs a huge percentage of the world's ports, right? And this is how they recovered, right? So we really are in that, take your disc and go to computers. In a cloud infrastructure you think about how you can do that in real time, or rapidly refresh, rapidly install patches, so there's a lot of that, that's like a huge part of it. It's not a complete solution, but it's an important part. >> Yeah, one of the things we talk about, a lot of tech guys, is that this debate's around complexity, versus simplicity. So if you store your data in one spot, it's easy to audit and better for governing compliance, but yet easier for hackers to penetrate. From an IQ standpoint, the more complex it is, distributed, harder. >> Yeah I think that's right. >> John: But what's the trade off there? How are people thinking about that kind of direction? >> No that's a great question, right? There's a lot of benefits to diversity of systems, there's a lot of benefit to spreading out your crown jewels, the heart of your enterprise. At the same time, there's real resilience in putting it in one place, having it well defended. Particularly when it's a shared responsibility and you have partial responsibility for the defense, but the provider to, I mean, Amazon, and all the other cloud providers, Microsoft and Google, all have it in their own self interest to really defend their cloud really well. Because whether or not you call it shared responsibility, it's your stock price that matters if you get hit, right? And so, instead of you, Amazon, and all the other cloud players have an incentive to do the right thing and do it really well. And so this shared responsibility can work to both side's benefits. That being said, there's an ongoing debate. A lot of folks want to do there stuff on-prem in a lot of ways. You know, a lot of us are old school, right? When you touch it, you feel it, you know it's there. And we're working through that conversation with folks, and I think that at the end of the day, the real efficiency gains and the power of having super computing power at your fingertips for analytics, for consumer purposes and the like. I really think there's no way to avoid moving to a cloud infrastructure in the long run. >> I know you said you were a recovering lawyer, but you are the founding director of the National Security Institute at the Antonin Scalia School of Law. How are you thinking about educating the next generation of lawyers who could indeed become policy makers or at least work on these committees, to think about these threats that we don't even know about yet? >> That's a great question. So one of the things we're doing, is we're working through the process with the state commission on establishing a new LLM and cyber intelligence national security law. That'll be a great opportunity for lawyers to actually get an advanced degree in these issues. But we're also training non-lawyers. One of the interesting things is, you know, One of the challenges DC has, is we make a lot of tech policy, a lot of it not great, because it's not informed by technologists, so we've got a great partnership with the Hewlett Foundation where we're bringing technologists from around the country, mid-career folks, anywhere from the age of 24 to 38. We're bringing them to DC and we're educating them on how to talk to policy makers. These are technologists, these are coders, data scientists, all the like, and it's a real opportunity for them to be able to be influential in the process of making laws, and know how to involve themselves and talk that speak. Cause, DC speak is a certain thing, right? (laughing) And it's not typically consistent with tech speak, so we're trying to bridge that gap and the Hewlett Foundation's been a great partner in that effort. >> On that point about this collaboration, Silicon Valley's been taking a lot of heat lately, obviously Zuckerberg and Facebook in the news again today, more issues around irresponsibility, but they were growing a rocket ship, I mean, company's only 15 years old roughly. So the impact's been significant, but tech has moved so fast. Tech companies usually hire policy folks in DC to speak the language, educate, a little bit different playbook. But now it's a forcing function between two worlds colliding. You got Washington DC, the Silicon Valley cultures have to blend now. What are some of the top minds thinking about this? What are some of the discussions happening? What's the topic of conversations? >> Well look, I mean, you've see it in the press, it's no surprise you're hearing this talk about breaking up big tech companies. I mean, it's astounding. We used to live in world in which being successful was the American way, right? And now, it seems like at least, without any evidence of anti-trust concerns, that we're talking about breaking up companies that have otherwise hugely successful, wildly innovative. It's sort of interesting to hear that conversation, it's not just one party, you're hearing this in a bipartisan fashion. And so it's a concern, and I think what it reveals to tech companies is, man, we haven't be paying a lot of attention to these guys in DC and they can cause real trouble. We need to get over there and starting talking to these folks and educating them on what we do. >> And the imperative for them is to do the right thing, because, I mean, the United States interest, breaking up, say, Facebook, and Google, and Apple, and Amazon, might look good on paper but China's not breaking up Alibaba anytime soon. >> To the contrary. They're giving them low-interest loans and helping them all to excel. It's crazy. >> Yeah, and they have no R&D by the way, so that's been- >> Jamil: Right, because they stole all of our IP. >> So the US invests in R&D that is easily moving out through theft, that's one issue. You have digital troops on our shores from foreign nations, some will argue, I would say yes. >> Jamil: Inside the border. >> Inside the border, inside the interior, with access to the power grids, our critical infrastructure, this is happening now. So is the government now aware of the bigger picture around what we have as capabilities and criticalities that were needed now for digital military? What is that conversation like? >> Well I think they're having this conversation, right? I think the government knows it's a problem, they know that actually in a lot of ways a partnership with tech is better than an adversary relationship. That doesn't change the fact that, for some reason, in the last three, four years, we really have seen what some people are calling a "techlash", right? A backlash against technology. It kind of strikes me as odd, because of course, the modern economy that we've so benefited from is literally built on the back of the innovations coming out of the Silicon Valley, out of the west coast, and out of the DC metro area, where a lot these tech companies are developing some of the most innovative new ideas. Now they're, frankly, helping government innovate. So Amazon's a key part of that effort, right? Here in the public sector. And so I'm hoping that education will help, I know that the arrival of tech companies here to really have that conversation in an open and sensible way, I hope will sort of waft back some of this. But I worry that for too long the tech and the policies have ignored on another. And now they're starting to intersect as you say, and it has the possibility of going wrong fast, and I'm hoping that doesn't happen. >> You know, one of the things that Rebecca and I were talking about was this talent gap between public sector and private sector. These agencies aren't going to go public anytime soon, so maybe they should get equity deals and get a financial incentive. (laughing) You know what I mean? Shrink down the cost, increase the value. But as you get the collaboration between the two parties, the cloud is attracting smart people, because it gives you an accelerant of value. So people can see some entry points to land, some value out of the gate, verus giving up and abandoning it through red tape, or in other processes. So you starting to see smart people get attracted to cloud as a tool for making change. How is that working? And how is that going to work? Cause this could be coming to the partnership side of it. People might not want to work for the government, but could work with the government. This is a dynamic that we see as real. What's your thoughts? >> I think that's exactly right. Having these cloud infrastructures gives the ability to one, leverage huge amounts of computing power, but also to leverage insights and knowledge from the private sector in ways that you never could have imagined. So I really do think the cloud is an opportunity to bring real benefits from private sector innovation into the public sector very rapidly, right? So, broad-clouded option. And that's part of why John Alexander, my boss, and I have been talking a lot about the need for broad-clouded option. It's not just innovative in technology, it's benefits to the war fighter, Right? I mean, these are real, tangible benefits pushing data in real time, the war fighter, You know John Alexander had one of the biggest innovations in modern war fighting, where he's able to take civil intelligence down from weeks and months, down to minutes and seconds, that the naval and our war fighters in Iraq and Afghanistan to really take the fight to the enemy. The cloud brings that power scaled up to a huge degree, right? By orders of magnitude. And so the government recognizes this and yet today we don't see them yet moving rapidly in that direction. So I think the EO was a good move, a good first step in that direction, now we got to see it implemented by the various agencies down below. >> Well we'll kep in touch, great to have you on. I know we're wrapping up the day here, they're breaking down, we're going to pull the plug literally. (laughing) We'll keep in touch and we'll keep progress on you. >> Thank you so much, I appreciate it. >> Rebecca: Jamil, you are now a CUBE alumn, >> I love it, thank you. >> Rebecca: So congrats, you've joined the club. >> I love it. >> I'm Rebecca Knight for John Furrier you have been watching theCUBE's live coverage of the AWS Public Sector Summit. (electronic music)

>> Announcer: Live, from Stanford University in Palo Alto, California, it's theCUBE covering Women in Data Science Conference 2018, brought to you by Stanford. (light techno music) >> Welcome back to theCUBE's continuing coverage of the Women in Data Science event, WiDS 2018. We are live at Stanford University. You can hear some great buzz around us. A lot of these exciting ladies in data science are here around us. I'm pleased to be joined by my next guest, Bhavani Thuraisingham, who is one of the speakers this afternoon, as well as a distinguished professor of computer science and the executive director of Cyber Security Institute at the University of Texas at Dallas. Bhavani, thank you so much for joining us. >> Thank you very much for having me in your program. >> You have an incredible career, but before we get into that I'd love to understand your thoughts on WiDS. In it's third year alone, they're expecting to reach over 100,000 people today, both here at Stanford, as well as more than 150 regional events in over 50 countries. When you were early in your career you didn't have a mentor. What does an event like WiDS mean to you? What are some of the things that excite you about giving your time to this exciting event? >> This is such an amazing event and just in three years it has just grown and I'm just so motivated myself and it's just, words cannot express to see so many women working in data science or wanting to work in data science, and not just in U.S. and in Stanford, it's around the world. I was reading some information about WiDS and I'm finding that there are WiDS ambassadors in Africa, South America, Asia, Australia, Europe, of course U.S., Central America, all over the world. And data science is exploding so rapidly because data is everywhere, right? And so you really need to collect the data, stow the data, analyze the data, disseminate the data, and for that you need data scientists. And what I'm so encouraged is that when I started getting into this field back in 1985, and that was 32 plus years ago in the fall, I worked 50% in cyber security, what used to be called computer security, and 50% in data science, what used to be called data management at the time. And there were so few women and we did not have, as I said, women role models, and so I had to sort of work really hard, the commercial industry and then the MITRE Corporation and the U.S. Government, but slowly I started building a network and my strongest supporters have been women. And so that was sort of in the early 90's when I really got started to build this network and today I have a strong support group of women and we support each other and we also mentor so many of the junior women and so that, you know, they don't go through, have to learn the hard way like I have and so I'm very encouraged to see the enthusiasm, the motivation, both the part of the mentors as well as the mentees, so that's very encouraging but we really have to do so much more. >> We do, you're right. It's really kind of the tip of the iceberg, but I think this scale at which WiDS has grown so quickly shines a massive spotlight on there's clearly such a demand for it. I'd love to get a feel now for the female undergrads in the courses that you teach at UT Dallas. What are some of the things that you are seeing in terms of their beliefs in themselves, their interests in data science, computer science, cyber security. Tell me about that dynamic. >> Right, so I have been teaching for 13 plus years full-time now, after a career in industry and federal research lab and government and I find that we have women, but still not enough. But just over the last 13 years I'm seeing so much more women getting so involved and wanting to further their careers, coming and talking to me. When I first joined in 2004 fall, there weren't many women, but now with programs like WiDS and I also belong to another conference and actually I shared that in 2016, called WiCyS, Women in Cyber Security. So, through these programs, we've been able to recruit more women, but I would still have to say that most of the women, especially in our graduate programs are from South Asia and East Asia. We hardly find women from the U.S., right, U.S. born women pursuing careers in areas like cyber security and to some extent I would also say data science. And so we really need to do a lot more and events like WiDS and WiCys, and we've also started a Grace Lecture Series. >> Grace Hopper. >> We call it Grace Lecture at our university. Of course there's Grace Hopper, we go to Grace Hopper as well. So through these events I think that, you know women are getting more encouraged and taking leadership roles so that's very encouraging. But I still think that we are really behind, right, when you compare men and women. >> Yes and if you look at the statistics. So you have a speaking session this afternoon. Share with our audience some of the things that you're going to be sharing with the audience and some of the things that you think you'll be able to impart, in terms of wisdom, on the women here today. >> Okay, so, what I'm going to do is that, first start off with some general background, how I got here so I've already mentioned some of it to you, because it's not just going to be a U.S. event, you know, it's going to be in Forbes reports that around 100,000 people are going to watch this event from all over the world so I'm going to sort of speak to this global audience as to how I got here, to motivate these women from India, from Nigeria, from New Zealand, right? And then I'm going to talk about the work I've done. So over the last 32 years I've said about 50% of my time has been in cyber security, 50% in data science, roughly. Sometimes it's more in cyber, sometimes more in data. So my work has been integrating the two areas, okay? So my talk, first I'm going to wear my data science hat, and as a data scientist I'm developing data science techniques, which is integration of statistical reasoning, machine learning, and data management. So applying data science techniques for cyber security applications. What are these applications? Intrusion detection, insider threat detection, email spam filtering, website fingerprinting, malware analysis, so that's going to be my first part of the talk, a couple of charts. But then I'm going to wear my cyber security hat. What does that mean? These data science techniques could be hacked. That's happening now, there are some attacks that have been published where the data science, the models are being thwarted by the attackers. So you can do all the wonderful data science in the world but if your models are thwarted and they go and do something completely different, it's going to be of no use. So I'm going to wear my cyber security hat and I'm going to talk about how we are taking the attackers into consideration in designing our data science models. It's not easy, it's extremely challenging. We are getting some encouraging results but it doesn't mean that we have solved the problem. Maybe we will never solve the problem but we want to get close to it. So this area called Adversarial Machine Learning, it started probably around five years ago, in fact our team has been doing some really good work for the Army, Army research office, on Adversarial Machine Learning. And when we started, I believe it was in 2012, almost six years ago, there weren't many people doing this work, but now, there are more and more. So practically every cyber security conference has got tracks in data science machine learning. And so their point of view, I mean, their focus is not, sort of, designing machine learning techniques. That's the area of data scientists. Their focus is going to be coming up with appropriate models that are going to take the attackers into consideration. Because remember, attackers are always trying to thwart your learning process. >> Right, we were just at Fortinet Accelerate last week, theCUBE was, and cyber security and data science are such interesting and pervasive topics, right, cyber security things when Equifax happened, right, it suddenly translates to everyone, male, female, et cetera. And the same thing with data science in terms of the social impact. I'd love your thoughts on how cyber security and data science, how you can educate the next generation and maybe even reinvigorate the women that are currently in STEM fields to go look at how much more open and many more opportunities there are for women to make massive impact socially. >> There are, I would say at this time, unlimited opportunities in both areas. Now, in data science it's really exploding because every company wants to do data science because data gives them the edge. But what's the point in having raw data when you cannot analyze? That's why data science is just exploding. And in fact, most of our graduate students, especially international students, want to focus in data science. So that's one thing. Cyber security is also exploding because every technology that is being developed, anything that has a microprocessor could be hacked. So, we can do all the great data science in the world but an attacker can thwart everything, right? And so cyber security is really crucial because you have to try and stop the attacker, or at least detect what the attacker is doing. So every step that you move forward you're going to be attacked. That doesn't mean you want to give up technology. One could say, okay, let's just forget about Facebook, and Google, and Amazon, and the whole lot and let's just focus on cyber security but we cannot. I mean we have to make progress in technology. Whenever we make for progress in technology, driver-less cars or pacemakers, these technologies could be attacked. And with cyber security there is such a shortage with the U.S. Government. And so we have substantial funding from the National Science Foundation to educate U.S. citizen students in cyber security. And especially recruit more women in cyber security. So that's why we're also focusing, we are a permanent coach here for the women in cyber security event. >> What have some of the things along that front, and I love that, that you think are key to successfully recruiting U.S. females into cyber security? What do you think speaks to them? >> So, I think what speaks to them, and we have been successful in recent years, this program started in 2010 for us, so it's about eight years. The first phase we did not have women, so 2000 to 2014, because we were trying to get this education program going, giving out the scholarships, then we got our second round of funding, but our program director said, look, you guys have done a phenomenal job in having students, educating them, and placing them with U.S. Government, but you have not recruited female students. So what we did then is to get some of our senior lecturers, a superb lady called Dr. Janelle Stratch, she can really speak to these women, so we started the Grace Lecture. And so with those events, and we started the women in cyber security center as part of my cyber security institute. Through these events we were able to recruit more women. We are, women are still under-represented in our cyber security program but still, instead of zero women, I believe now we have about five women, and that's, five, by the time we will have finished a second phase we will have total graduated about 50 plus students, 52 to 55 students, out of which, I would say about eight would be female. So from zero to go to eight is a good thing, but it's not great. >> We want to keep going, keep growing that. >> We want out of 50 we should get at least 25. But at least it's a start for us. But data science we don't have as much of a problem because we have lots of international students, remember you don't need U.S. citizenship to get jobs at Facebook or, but you need U.S. citizenships to get jobs as NSA or CIA. So we get many international students and we have more women and I would say we have, I don't have the exact numbers, but in my classes I would say about 30%, maybe just under 30%, female, which is encouraging but still it's not good. >> 30% now, right, you're right, it's encouraging. What was that 13 years ago when you started? >> When I started, before data science and everything it was more men, very few women. I would say maybe about 10%. >> So even getting to 30% now is a pretty big accomplishment. >> Exactly, in data science, but we need to get our cyber security numbers up. >> So last question for you as we have about a minute left, what are some of the things that excite you about having the opportunity, to not just mentor your students, but to reach such a massive audience as you're going to be able to reach through WiDS? >> I, it's as I said, words cannot express my honor and how pleased and touched, these are the words, touched I am to be able to talk to so many women, and I want to say why, because I'm of, I'm a tamil of Sri Lanka origin and so I had to make a journey, I got married and I'm going to talk about, at 20, in 1975 and my husband was finishing, I was just finishing my undergraduate in mathematics and physics, my husband was finishing his Ph.D. at University of Cambridge, England, and so soon after marriage, at 20 I moved to England, did my master's and Ph.D., so I joined University of Bristol and then we came here in 1980, and my husband got a position at New Mexico Petroleum Recovery Center and so New Mexico Tech offered me a tenure-track position but my son was a baby and so I turned it down. Once you do that, it's sort of hard to, so I took visiting faculty positions for three years in New Mexico then in Minneapolis, then I was a senior software developer at Control Data Corporation it was one of the big companies. Then I had a lucky break in 1985. So I wanted to get back into research because I liked development but I wanted to get back into research. '85 I became, I was becoming in the fall, a U.S. citizen. Honeywell got a contract to design and develop a research contract from United States Air Force, one of the early secure database systems and Honeywell had to interview me and they had to like me, hire me. All three things came together. That was a lucky break and since then my career has been just so thankful, so grateful. >> And you've turned that lucky break by a lot of hard work into what you're doing now. We thank you so much for stopping. >> Thank you so much for having me, yes. >> And sharing your story and we're excited to hear some of the things you're going to speak about later on. So have a wonderful rest of the conference. >> Thank you very much. >> We wanted to thank you for watching theCUBE. Again, we are live at Stanford University at the third annual Women in Data Science Conference, #WiDs2018, I am Lisa Martin. After this short break I'll be back with my next guest. Stick around. (light techno music)