Thank you for the conversation today, thank you for your service, and thank you for being on the front lines of our nation and bringing us together in this important fight. It was an honor to be up here with you today. Thank you for the audience for engaging as well. A to be here. Thank you. Good morning everyone. I hope you guys are able to get your blood flowing. I do want to acknowledge all the media that has been with us for the last four days. We appreciate all your coverage and everything you guys have done for us, so thank you for being here. We would like to follow that fireside conversation with the honorable newberger by taking a more indepth look at the future of cyber. For our next session, 2024 and beyond, the hard road ahead, we have invited a distinguished group of experts to look at the topics through multiple lenses. Moderating this discussion will be renee when, former cio nasa our featured speaker for this conversation on the road ahead are dave frederick, assistant Deputy Director for china, National Security agency. Eric goldstein, executive assistant director for cybersecurity csds is a retired Lieutenant General steve fogarty, Senior Executive adviser, ruth allen, andrew market, adviser of Cardio Technology formerly c. O. O. Cia and dave richardson, vp of product and point insecurity. Look out. These join me and applause and welcoming our speakers. Wow,. I good morning, everybody. We hope you have shaken up the malaise of being a conference all week and talking to people in person. We hope that has worked for you. We hope youre using your devices as we are at a cybersecurity conference. That is always a good thing. You connected those and inserted the chinese rfid, correct . You got that at the front desk. Super. Good morning, everybody. It is great to see you. So given the Rapid Advances in technology and the ever shifting Political Economic and environmental landscapes, the future of cyber threat world is sure to change. This group of experts will explore how the future will likely impact cybersecurity and things to think about in order to keep up and we might go back to some of those oldfashioned human factor problems that will lie ahead in the future as they are here with us today. So gentlemen, this is all play where everybody gets to answer and hopefully you will sort your selves out, if not, i will help you if seri. So looking beyond cybersecurity, what big shifts are happening in the world that will change how we should be thinking about the digital world, and protect it . Who would like to start. I will just run the board here. Thank you. First of all, it is a pleasure to be here at the conference and then with this group of professionals. I think as we look at the way ahead, i am forecasting out a little bit, the things that concerned me the most, democratic shifts, particularly in the global south, loss of opportunity, loss of challenges, i think supply chains are increasingly becoming an issue. If you think about restrictions that we placed on transferring technology to the prc, there is going to be a for tat and i think you know, we have had the opportunity to purchase a lot of raw material from them, or things that are very vital for everything from moving to electric vehicles to building cell phones. So those supply chains are going to have to be reconstituted and that is going to require no significant investment as we move forward. So i think that it is really the combination of things we cannot predict, social economic political and cultural factors that are really going to try this, but we have to watch it, and i think this is where if you go back to newbergers comments this morning if you start, the key is partnerships. So it is foreign partners interagency partners within the u. S. Government, commercial partners, it is partnership with academia that give us at least Early Warning for these things. We never seem to predict these things exactly right, but that is going to be the critical aspects of getting through this. Thank you. Andy . To fill out steves answer, i think one of the things that we should look at what is happening in real time as we are watching a digitally enabled army take on an analog army, and we are seeing the digital army winning, we dont know how this will end, and overwhelming force may win out at the end, but i think there is a lot of lessons here beyond just valid field lessons about what a 21stcentury capability can do against clearly a 20th century capability, and you know, beyond us improving and becoming better, i think there is also others paying attention to this and seeing that david can take on goliath and maybe when, and so i think it changes the defense dynamic broadly, the National Security dynamic as people watch this unfold. Great. Thank you. It is wonderful to be here. It is a privilege to be on this stage. If we look at the cybersecurity ecosystem, i think we can fairly say it is defined by a constellation of actors who seek shared goals, shared norms and cyberspace, freedom opened to security resilience and some entities that seek the inverse and then there is the middle and theres organizations and countries that are in many ways as yet undecided about what the future of the internet, of the Global Digital comments should look like him and so one of our broader challenges which applies to cybersecurity, but not only is how do we in the u. S. Convey that positive affirmative message of the internet of Network Technologies as being an ecosystem that enables growth, enables prosperity, enables freedom of expression and that cybersecurity is an enabler of that affirmative positive vision because right now there are too many places around the world and he mentioned the issue of supply chains, where there are countries attempting to make inroads into entering into commercial agreements, entering into supplychain dominance in a way that undermines our collective global interest in seeking a world where small Democratic Values are the norm and are enabled by security and resilience and it is up to all of us in this community to convey cybersecurity not only as an approach to protection, but as a positive vision to advance the values in the future that we all seek. Thank you. He represents the Critical Infrastructure security agency. So those were important remarks. Based on the interconnect events and dependency on electricity and clean water, anyway, dave. It is great to be back. But i was here last year i was in Cyber Command, executive director and now i am in a focus on china. Eric and i did not coordinate on comments, but i want to build out on some key points he made, and starting with this focus on the prc, we really ss that the prc and competition between prc and the u. S. And our partners, it is going to be the defining issue for the next generation, and what we are seeing happened today with the prc is they are exporting a digital governance model designed to support authoritarianism and increase their global influence, and so i think that is an area our partners will have to work hard at to counter and provide some positive options, especially in the south and other regions. Another area i think competition between the u. S. And piercy is going to be critically important is in technology standards. The China Technology is the main battlefield based on some of their official statements, and we have got to work closely, in close cooperation with our foreign partners to effectively engage in standards for the basis of telecommunication cybersecurity standards, we need to be thinking about the emerging issues of standards related to a. I. And other emerging technologies. Excellent points about china. We are sort of in a trade route of sorts with them and what does that mean or supply chains that we are also accustomed to having on the less expensive side and what does that mean and how do you make shifts . We are talking about a huge Economic Impact both on the Positive Side and negative side as well. Very thoughtful remarks. Thank you. I went to build on what you were talking about around a. I. I think there has been a lot of discussion on the ready around a. I. , but that is essentially lowering the skullcap for both good actors and bad actors. It becomes so simple these days to generate compelling automated attacks, whether that be phishing websites, those kinds of things, or sophisticated exploit chains and those kinds of things. You know, that used to be something that required highly skilled individuals to be put in a dedicated effort. These days you can buy a kit online, you can buy things online easily, but it is becoming even simpler than that with the rise of Artificial Intelligence. The flipside is this is a tool that can be used for good, that can be used for sorting through massive amounts of data to find the anomalies and things like that. Something that needs to be embraced by organizations as it was mentioned earlier, an attacker only needs to be right ones, and that offender, as a defender you need to be right all the time in order to successfully defend your organization. So i think Artificial Intelligence is one, the other i would say is post quantum encryption, you know, if you got a world, five years away or 40 years away or a month away, who knows these days, there will be a world where encrypted stores will all be given enough time and money and everything can be broken. Organizations need to think about where your data lives and who has access to it, even if it is encrypted because they have a clock on that. Someday somebody will be able to get access to that data. Thank you. When we were in the green room preparing and you had mentioned there is an important on our ability out there right now that perhaps our audience may benefit from hearing about. So if you have not seen the news, late last night, citizen labs sent out a better ability disclosure around a new exploit chains found in the wild called last pass, and it affects pretty much every apple device, and this is a pretty scary exploit chains, so basically what can happen is someone can send you what is called a pass file, which is basically like your boarding pass or your light or Something Like that, and your phone automatically parcels that when it arrives to generate an image could generate a pretty thumbnail and the act of parsing that can exploit your device remotely. So you could receive this from an unknown number, you dont even have to open it, you dont have to see it, you dont have to know it even happened and then your device can become compromised currently reflected with pegasus and this is exploited in the wild. Apple put out a patch last night for all apple devices, so iphones, ipads and more. You should get that update as soon as possible. It is very very important, and these are the modern kinds of threats that exist these days where your phone can be in your pocket, you can get a text and it is now compromised and the attacker, they delete the text message, delete the notification, you dont even know it happened and then somebody is living in your phone, somebody is watching everything happening. Thank you so much and remember, a friend is not going to send you tickets to taylor swift. Just keep that straight. That is also, this is audience participation. Not until are done in 27 minutes. Right . Dont do that update. Pay attention. We are talking about beyond that now. Exactly. There seems to be an emerging conflict between developing technologies focused on decentralization and traditional political and economic entities wanting to Leverage Technology for control. How does this play out chemic steve, get us started. So i think this is nothing new, it is not emerging, it is a constant i think for all of us, particularly those who have been on the government side and went the government side, and bennett now that i flipped over to the commercial side, it is an interesting viewpoint in which you realize that you are working toward the same thing, but the value systems, value chains may be different, so you think about what i think a lot of people would look at is like web three blockchain, so you know, that becomes this popular discussion, and i call on the molly white viewpoint, which is it is a bunch of scammers, you have a bunch of people that are out there you know, what is the Value Proposition . So that is one example of where you can be. I think there are other examples. Use of a. I. , generative a. I. Quantum committees are competing for power or for encryption to protect encryption. So if a technology will come and go, i think he said it well, the issues, the concerns they were facing, they are not the same ones they are facing today. Part of that is change in technology. So where i am at on this right now is that tension can be useful and i think it is not just government, not just big business and the little guys there are a variety of factors well beyond the technology, so we got right into the technology. I think it is important to look at some of those other factors are so they are social factors. There are economic errors, there are political factors that there are cultural factors. The discussions we are having in the u. S. , or you might have in the european union, you might have in other places of the world may be very different than the discussion you are going to have in china or russia. So this tension between you know, freedom and oversight or compliance or regulation actually, i think is very valuable because you are going to have some people pushing the limits and sometimes they get themselves in trouble. Very quickly, and they always either want to look for someone to bail them out or there is another group that are rapidly exploiting gaps in regulation and oversight and compliance. So there is a role for both the government to be involved in this space mother is a role on the commercial side and certainly there is going to be a very loud political, increasingly more clinical role in this. So i think where we have to be at the end of this is you know, again, clear communication, very Good Partnership between the people deploying the technologies, the government, it can provide some oversight. I think the other challenge for the government is getting expertise to understand the Technology Understanding third order facts. You think most recently the chat cbt and some of the other a. I. Language models just created this firestorm and i am sure the Big Companies deploying the capabilities, they probably did not receive what that reaction, that this world reaction was going to be, and the government is still trying to sort out exactly what is the role of government in this space, so the question has to protect the outcome. Yeah. Tensions are always going to be there and that is okay is what i am saying. Good. Thank you. We are in the middle of an interesting and dangerous. In the cyber Threat Landscape. I characterize that as a deep thing and broadening of Cyber Security risk and on the broadening, we have been talking about the democratization of cyber the capabilities manifested tangibly by the ecosystem where you are able to have the structure without any training and launch attacks on the rooms of your choosing and even access brokers to gain access to victims in order to execute the malicious intent. If we combine an ecosystem of that nature with the increasing ubiquity of generative a. I. , we are further reducing the floor to launch damaging intrusions, we are democratizing the availability to actors who have malicious intent, but no capability. Now, all you need is the intent and probably money. Combine that with what we also see, which is the deepening of sophistication of some of our apex adversaries, and i will call out the advisory that our partners released living off the land techniques, which is extraordinary and challenging when instead of using tradition or malware of the structure that is detectable by these Cyber Security tools that we all know and love, that is not going to work anymore for actors using these techniques and you need to understand the activity on your network to such a granular degree that you can detect anomalies that indicate an adversary is using legitimate tools, Network Management tools used by administrators for malicious intent and to gain. If we see this as an intersection, democratization of capability and advancing sophistication, what does that mean . This is a focus on resilience, the fact that if our goal is detect, prevent, respond in every context that we are never going to succeed because we are never going to keep every adversary of every Network Every time. What we can do is make the investments today to make sure when our adversaries gain access, we elect them quickly but we limit their ability to cause harm on the american people. That is a bit of a cultural shift because it takes us outside of the conditional cybersecurity i. T. Box and it becomes much more of a business issue and a Business Continuity issue, but that is where we need to be. What we would encourage his we are preaching to the converted, but lets try to get out into the broader world and speak with the Business Community and the Resilience Community about how we can join these disciplines and make the needed investments before they are needed. Thank you so much. Excuse me for a second. Dave. Right. So a lot to recover here. I think the parts i would reinforce kind of really bending off of erics points, one is a trend that has been positive is the relationship the partnership between government and private sector. There is still a lot of room to get better, but when i reflect back on it first came out of the intelligence side of things and started focusing on cyber and Cyber Security around 2016, it has improved so much, and continuing to work on that, continuing to align the work of private sector firms with government support, i think it is going to be critical to deal with these longerterm trends. The other piece, how do we have an effective conversation with Business Leaders about investments and Cyber Security connect there is financial uncertainty, economic uncertainty, there is always risk of folks pulling back on investments, so how can the Cybersecurity Community have a conversation about risk, make sure we are not too much in geek speak mode when we are trying to make the case and trying to keep the foot on the gas in terms of deeper improvements to network hygiene, to resiliency through investments. Recognizing this is a cost center. How do we get through that . I dont live in that world, i dont envy the folks that have to make those cases. You know, i do think the work like we are doing in the government with the advisories is helpful in the sense that we are trying to communicate some of these risks to a broad audience, we are not just keeping the advice in the family and i see that as a major change across the interagency and with our foreign partners. The last few years has been positive for the whole community. That sounds right. I would want to remind folks as we talked about our external threats, you might as well also thank your internal threats and the complex environments, your Insider Threats are complex and it is hard to catch and monitor. Some of these things can be turned inside to find maybe anomalous behaviors downloading at 3 a. M. When you are on the east coast time and they did not just have a newborn. Like what do i do, write, say okay, i think that is awkward. So as we move towards Renewable Energy sources, the need to attach devices to our connected Digital Space opens more area of attack, more surface area to attack. How do we think better about security at the edge . Eric i will start with you. It is, i think a truism that securing an enterprise environment is just getting more complex by the day, whether it is bringing a device, mobility hybrid, the complexity for an organization is challenging, and for a smaller organization, it is impossible, so where we need to focus as a community is how do we help organizations simplify, how do we help them prioritize and i think we have seen exciting work in the Vulnerability Management space to help organizations if you try to address every vulnerability or misconfiguration on your network you are not going to succeed if you focus only on cbs critical vulnerabilities you are probably with allocating resources. How can we help you identify the smallest number of vulnerabilities to focus on, the smallest number of controls to deploy and test, to achieve the broadest benefits because if we are talking organizations, here are 200 controls and 10,000 in our abilities, they are not going to achieve the goals, so we are looking at this in a few ways. We need to focus on our performance goals as being synced list of steps that a Small Organization can take to achieve the most Risk Reduction privatized by impact, but also help the organizations focus on what are those vulnerabilities that are being exploited in the wild that have a high likelihood of being exploited, lets start there and then build out, but it is reasonable to note that mature organizations have a Vulnerability Program where they are able to triage and prioritize based on risk, the vast majority of organizations dont, so how can we make their lives easier, have them be relieved of a burden and focus on what matters most. Excellent point about having the management programs. Those that are closest to the Nobility Management commission therapy a freeze on your network updates. Nasa launches and stuff like that. We know that also when you can do it, not just if you can do it, but when because sometimes when is just as important as doing it here thank you. Dr, we are talking about at the edge. So i first want to build on that point because i was talking about this last past vulnerability, these kinds of vulnerabilities when they first come out, they are nationstate level actors that know how to exploit them. A month later, anyone knows how to exploit them. There is a timeline as well to give a concrete example. Prior webkit exploit chain called trident had been used to infect devices with pegasus and malware, it was a series of three exploits to compromise the device from a single click. That same chain is how if you look up a Youtube Video for how to jailbreak your Nintendo Switch, it is the same chain. So that x what chain went from nationstate to script kit to literal kids using it to get games on their Nintendo Switch in the course of nine months or so it is important that you think about the timeline on vulnerabilities and getting those and understanding what needs to be done day zero, and that needs to be done day 30 and all of these things that are remotely exploitable them of they need to get caught up. On the point of edge coming back to that, so security has always been this pendulum that swings to security centralized, decentralized kind of swings back and forth and i think the right answer is of course all of the above and other good best practices that we all know. These days they talk about this idea of a cybersecurity mesh architecture, these things need to be in communication with one another and your edge devices need to understand their own state, but you also need to understand everything from your network and if you are thinking about like Renewable Energy and these modern forces and electric vehicles these are data centers on wheels. They probably have in common like a tablet that drives your car, like you know. They have more in common with an ipad than they do probably in a Combustion Engine vehicle you have a decade ago. So it is a completely different model these days, and you need to think about how to secure that device from all angles. So just the top tip that i heard about the Nintendo Switch, if the thirdgrader spelled it right, lined them up. That is not a spelling error. All right. A. I. And Machine Learning that they appear to be creating a new environment for such things as overdressed technology and increased potential for deception and misinformation. What are some of the implications you see as a. I. Begins to reach its full potential . I just want to remind you guys that a. I. And mlr on mars in the rivers that are up there right now. We have already put it on another planet. Lets talk about earth and how we can really capitalize on a. I. Here. Dave, get us started. First of all, i did want to note i was worried one steve brought up this point that we were going to lose the audience, i was glad you asked everybody to hang in there, i was getting ready to run out the door. Maybe i shouldnt. Yeah yeah. Yeah. I am sure for folks that have attended the conference the holy, they have heard a lot about a. I. , and i will pivot back to my main focus, which is the prc with both an example, a recent example and kind of a look to the future. So as one example in 2020 to on a major u. S. Plat form, we were able to run a completely fake news entity through a series of a. I. Generated videos called wolf news, which unsurprisingly was prochina communist, so i think as an example, if we have an adversary able to take advantage of a major u. S. Platform for some time, that is the tip of the iceberg on where this is going to go. The work on regulatory frameworks, how do we handle this . How is the u. S. Going to look at setting some standards on dealing with deep fake media. We need innovation and detection of deep fakes and authentic content. I think it is going to open up a range of challenges. It will enable more effective malign information, information, it is going to enable our adversaries to do more overt propaganda more effectively across multiple language barriers. So if you think about chinas efforts to shape the information environment globally, you know, we expect many nationstates to take it vantage of these capabilities to be more effective in their campaigns. So we will be watching that closely. I think there is a lot of work ahead for the community on grappling with the challenge of a. I. And getting the right framework in place. Framework that strengthens and follows our values, but give some boundaries for the technologies. Excellent. Andy. Just to build on that emma when i joined the cia, we spent a lot of time and effort trying to understand soviet denial and deception and they were good at it, but that is childs play compared to what exists today. So that will be enormous. The idea of being able to tell rail from a, which can get cute about your favorite celebrity, but when you are making National Security decisions based on information you have got to be able to tell rail from fake. Look. On the a. I. Front, we will analyze your favorite three letter agency, trying to make sense of the world for policymakers. What we use computers for was to be assertive, and we put a bunch of information in there and shake it around and it would allow me to look at the stuff i needed to see so i could help inform a policymaker. That does not work anymore because that leaves a mountain of information, so now i have to rely thing that i dont understand, which is true for most people to draw conclusions and show me the conclusions so that i can take her out how to make sense of the world. So that puts the onus on someone who is trying to make sense of the world for a policymaker to understand how that thing works. Because otherwise do you trust it or not . You have got an adversary trying to fool it by inserting information that it can detect it and offering it up to you. So it becomes this spy versus spy game or with an ever changing environment and a constant reason to keep turning on a. I. Your a. I. Has got to be better than the a. I. That was to fool you and for someone trying to make sense of the world, you will have to Say Something is wrong. Something is not working right. Because i am getting audit conclusions. The idea that it is going to take over i think is patent. It is my numbing that smart people believe this is going to take over. It is never going to replace a human. I dont see that happening. It is a valuable tool and i dont think we can go forward without using it as a tool. It is saying you know, i dont trust automobiles so i will read my horse. Right . That is not going to alone, so we have to move to this a. I. Enabled world, but i think it will require education and pain for people to understand what it can and cannot do and what its proclivities are, where it can go wrong, how can it go wrong. It opens up another realm for people to understand as they try to just accuse any evidence as being fake, anything you see as being fake, whether there is a video of you committing a crime, Something Like that, it is all fake, everything can be fake at some point. I think the authenticity verification has got to go on both sides, you know. Like we are going to need tools to build authentic verifiable video authentic verifiable photos, this came from a legitimate source, or metadata, more Additional Details and other factors that adversaries will also try to fake and fill it all in to try to get us to a place where it is likely can try to sift out what is real and what is fake so i am worried about that flipside where anything can be accused of being fake at the end of the day. Excellent point. We are coming to the end, which i thought went rapidly and then there were so many nuggets including a spelling opportunity for you provided here and a psa for your apple products which you can do upon conclusion of this event. But i want to summarize i think what are some of the key points in our connected world, and that is brazilians, being resilient is deeper now and are more broad than it was probably just a couple years ago. Partnerships are key, whether it is a Partnership Cyber professionals, with your mission or business entity, partnerships with your boards and others in the private sector, partnerships between the private sector in the United States government in terms of keeping this awesome country safe. Cyber is an enabler, it is not a prevention, it is here to protect you and it enables the business and it enables the mission and it helps to address reputational risk. You dont want to be that apple product that just corrupted your phone that you live by and that supplychain is far more complex than it was and as we move towards Renewable Energy with those materials that we need, there is a geopolitical complexity associated with the modern world and the world that is about to come. Great opportunities left, people like me will still have jobs. Thank you andy for making sure we are still going to stay in the loop and it is on other planets, so we have already done that. We will watch mars and see what happens and if they find water in creatures, we will see what happens. Being protected in a post encryption world, that is coming in 2024 and beyond. So remember the threat actors, the bank apex hunters are still out there, the sharks and lions, but the emerging actors, it is a lot easier to get into the game to attack you, your business and your government. So with that, remember to update your apple products and have a safe journey. Fantastic. Thank you. Fantastic. It fantastic thank you. It is becoming increasingly obvious that the separate offenses can be better informed by leveraging those who are taking a more proactive approach to countering the threats. In our next session, helpful spectrum Cyber Operations enable each other. We hope to offer you ways in which the u. S. Government is working to enable more direct interactions between the groups. Moderating this panel is rainer, Senior Vice President alan joining rainer on stage for this discussion is timothy vance, senior director Cyber Defense expert, andy boyd, former director for the center for Cyber Intelligence cia, and nicholas holt, deputy to the commander Cyber National mission horse. Please join me in applause and welcoming this panel to the stage. Thank you to the panelists for being here and thanks to those who are still here on friday morning mick and i were talking backstage, so quick shout out to your mom, my husband, right . Just a great discussion to have around a full spectrum. I wanted to start with a statement, hypothesis statement that is going to undergird our discussion today, and i will read it, it is to prevail in conflict, petition and crazy, the whole of our Community Must execute full spectrum Cyber Operations, faster and more effectively. So you can imagine when we all got together on the phone, one of the first request was lets define full spectrum. This conversation could go a lot of ways that it should not and is not allowed to in this environment. The panel hopes to find full spectrum to mean the full capabilities and partnerships required to address all the threats across the full spectrum of National Power. Still a broad definition we can work. So jumping into things, and the National Cyber strategy, we have identified the need for more integration to disrupt and dismantle threat actors. We will use all instruments of National Power to that pain. Literary, kinetic, nonkinetic intel, law enforcement. I wanted to start the first set of questions really nick and andy i just want to get your point of view on how we are thinking about these requirements. So anything about what is in motion today and the department of defense and the Intelligence Community, to achieve this vision laid out by mcs, where are we, how are we thinking about those requirements and i would love to start with nick and i would love to hear from an industry point of view as well. Great. First off, thank you for the great team for having us and giving me the opportunity to talk about the great work that the great men and women are doing everyday as we persist in adversaries to defend the nation against Cyber Threats. I think it is about partnerships. When we look at the scope and scale of the threats we face in all demands, particularly in cyberspace, you cant do it alone. It takes strong partnerships between the department of defense, the Intelligence Community, other arms of the u. S. Government, and with industry, so industry maintains billions of networks all around the world, and that is where the threat surface is and that is where the attacks are adversaries. How do we Work Together with industry to take what we know and what we are doing in the government, share it with industry, learn from what they are doing and adopt practices and share intelligence back and so that together we can defeat these adversaries. Thank you. I like to use the metaphor on how we executed the war on terror in 9 11 because sometimes we look at cyber mysterious environment and in a lot of ways it is not. After 9 11 it took a couple years, 18 months to get u. S. Government Community Integrated in the sense that was relevant for countering the terrorist threat globally. When it all started, the community and military were doing their own thing, but over time we integrated. We are much farther along on that and we were 23 years ago where the Intel Community, the title 10 dod community, Cyber Command are very well integrated. Pillar, you made reference to the Cyber Strategies disrupt and dismantle, again, in a different context, it is vastly different than disrupting and dismantling terrorist threat, but a lot of the same instruments of National Power apply in pillar five Building International partnerships to defeat this threat again, something in the context of cia we have been doing since 1947, Building International partnerships, sharing sometimes cia has been us to our International Partners and we share that across the board when it comes to Cyber Threats with state departments, with the rest of the community, with dod, and vista has an International Portfolio as well, but not as many folks overseas, so we do integrate an entire community. You made a reference to the private sector. I think that is the one thing that is vastly different than the counterterrorism, just the private sector owns the industry owns Cyber Infrastructure and so we have to integrate that in that is the major difference, i think. I think to key on what they have said, it is a partnership, and the underlying tone and his responses as we are focused on the mission, so the more that industry can understand the missions, we dont do this for sports, we were developing capabilities that are going to see operational use and and other uses, so we went to make sure the more we are closely partnered with the government, the better we are able to develop those capabilities. We will come back to that in a minute. First i wanted to take the conversation and put it through the lens of what we have seen the conflict in ukraine. From your point of view, what has this taught us about the integration of defensive and offensive cyber during wartime . You want to start that is operational example of the strategy we were talking about. You know. We collect intelligence along with other elements that then inform operational decisions. We cant do that alone. We made reference to the private sector, but we cant do it alone. We need our International Partners and we have had some ukrainian officials here in the conference this week and they have done an extraordinary job utilizing all the tools that he in ukraine to defend against the russian onslaught. We have been integral in that. The general, first day of the conference, made reference to utilizing intelligence and sharing that intelligence across the nato partnerships, but also with ukrainians. I think that has been decisive for where we have been since february of 2022. But whats also been decisive is the engagement from American Companies and other International Companies helping the ukrainians and not just since february 2022, but also where the ukrainians learned a great deal of how to protect their cr protect their critical d structure and protect all theirl governments. I think we in the u. S. And across the world should learn from our ukrainian allies and no the enormous capacity they have built since 2017 and prior to that and the Human Capital that they have built to defend their own network. So that can be accomplished mp without the integration that we have had across the community he and the private sector and our International Partners. Next, let me ask you through the lens of Cyber Command, you know im a looking at ukraine, b looking at the role of cyber, you know . I think a couple things. One, we had teams on the ground in ukraine in the runup to the russian invasion up until the last days working alongside ukrainian partners to defend ac ukrainian networks against Cyber Attacks and to discover threat that new novel threats that we were seeing on ukrainian networks, bring this back, share them with network ed defenders inside the u. S. Across the government and across industry to really learn about how we can defend together against these threats, and learn how we can optimize both Government Allied partner v systems and Sector Systems to defend against the threats and share information. So we found things that we shared with industry. Industry enriched that data and used it to defend networks here at home and share that information back with the ia ukrainians. Is runians. That partnerships are built on trust and you cant search st trust, you have to build trust over time by working together, by working side by side against, to advance common goals so it is really an investment in building those partnerships and deploying teams to defend allies and the Amazing Things we can accomplish when we work with our allies backed by industry and backed by the rest of the government. That has been the big lesson we have learned from ukraine. If i could add on, i prequalify myself explaining what Cyber Command does across the spectrum to some of my colleagues in the Intel Community who are less familiare with that. They may say we have an allied partner who needs help eating their act together and defending their network. We need to hire a company to help them do that we already have that in the u. S. Ow government. So i guess your point on how we integrate. Honestly inc. The teams are one of the greatest tools we have in our t, arsenal on the Cyber Defense nd front, and building that trust and partnership across the globe. I could not say more for your teams. That is fantastic. That is it, combined action against threats. It is not a Training Service that we provide. It is our operators learning co how to Work Together to identify and defeat common threats. I wanted to move in the light of the solutions that we need and talk a little bit t about, this is for the whole panel, the department of defense, the intelligence immunity have the right mechanism, the right capacity, the right partnership, the right data to truly be interoperable. I heard you say we are more advanced, i heard you say we are making a lot of progress, but do we truly have those were their areas of practice we are still trying to advance . You know you want to start back i think the problem we have is that there is so much data. There is so much data, the attack surface is growing day. Our adversaries are adapting l our adversaries, the Threat Landscape is changing. We used to hunt for exquisite k tools and look for indicators of compromise with high and malware, now we are seeing cyber actors use native windows commands and hide the regular noise of networks and that is at really hard to unpack because if you dont know what your network looks like on a granular level, you are never going to see that anomalous activity, and you cant run an Antivirus Program to find it because there is no virus. So i think the challenge that we have, this is i think where there is opportunity for i defensive applications of a. I. And Machine Learning to baseline networks to make senses of the data and the normal behaviors on networks and help identify what is truly anomalous, what doesnt fit, even if it looks to a casual observer approach this threat or what is something that wouldo look normal, what is truly anomalous, i think that is the challenge we are confronting. Yeah. We are swimming in threat data. F we have very different systems, we have an enterprise system of the classified level that does not connect to the data on some of the Cyber Threats that the private sector has integrating those is a heavy lift for the Intel Community, but i do think the Cyber Security director has given us a road map on that andv given us a road map on that andv it has been extraordinary. I think in my opinion the Intel Community should follow that model on how we can securely ho integrate those streams of data in the private sector because if we dont, we will miss a major portion of the cyber threat. Industry partners, we have industry partners, we have for a while. When you think about me mentioned capabilities earlier, you think about the solutions, they capabilities that were bring brought to the governmenti either from industry, lets say five years ago, how do you think about, how should we think about the right way to achieve speed, agility, an interoperability from a solution standpoint, from an solution standpoint, from an talk about what the Government Point of view is. We will start with you. It is to pieces. Ve from a technical perspective, we went our offensive and t defensive teams to both believe they are at the top of their game, so having those teams Work Together, play off of one another and informed the solutions that each of them are developing i think is critical that we move forward, the impacts are expanding daily, so we need to be thinking differently about these problems and then developing new systems with that kind of nationstate level adversary in mind and going to the designs of those systems. I think our industry, to answer the second part of your question, i think we can look at those things from a contractual point of view. We talk about speed and agility, health industry. Du they go faster to get capabilities commissioned more. Quickly and i think it government needs to hold industry accountable in terms of the contracting vehicles. There is a lot of effort contracting that is done in this space. We need to get to more of a resultsbased contracting model so that industry is held accountable to actually deliver capability that is ready to see the battle i am agreeing. The leaders are presented here, and who i have been speaking with throughout this conference, i think they understand thoroughly the requirements for intel. The id requirements, as well. The talent pool in a number of the Companies Represented here is extraordinary. There is a talent pool in the government, we just do not have enough. We need to make more of them. You know, as far as integration, again, across the board we are fully in agreement. I agree and i manage that my workforce results, the philosophy, for the most part the private sector has the same philosophy. That makes it easier to integrate the private sector and the mission. Everyone is dedicated to the mission and the intended results of the mission, everyone has the same Job Satisfaction and willingness to put a lot of effort into the mission. I think we are there for the most part. It is all about partnerships. It is about Building Trust through common goals, the common objectives. Having those objectives together and building relationships to Work Together. We talked about the cybersecurity collaboration center. Cyber command, has a program called, under advisement. We collaborate with Cybersecurity Companies with an exchange of information, where we bring what we learn on things like foreign operations when wearing. We bring things that we are partnering with the governments fairly bounce those in real time against cybersecurity professionals for a variety of private companies. On a really collaborative basis, where we both look at, data, we go off and use the data to defend. We have a little bit of time left. We will ask the magic question. Looking at both the Spectrum Operations and knit, i will start with you. If you could wave a magic wand and create new capability, new skill sets and technology, any partnership, what would that be . If you were to be able to prioritize one thing that would help the full spectrum operational success, what would that be . If i had a magic wand, i would be in a lot of parties. If you could do tricks appear, your mom could my mom could. It is two things. As we look at cyber actors increasingly living off of land, native commands, administrator techniques to do their exploitation work. There is tremendous opportunity there for smarter tools that can query across commercial data and quantify data. To get those to pull together in a way that we can find these threats, and find them together. It is not just Government Networks that are being threatened. Or allied networks that are being threatened. Its networks operated within the industry. The other thing, as we increasingly defend forward with our allies, our Allies Networks are getting more complicated, as well. Right . And our tools and hunt kits need to keep pace with both the evolving Threat Landscape and increasingly complex networks. That is really about integrating Machine Learning at the front end. Rather than collecting data at the front end, processing it back and pushing it forward, we could do more advanced processing to find the more advanced techniques at the front. Initiating immediate reaction, rather than having a delay to pushing it to be analyzed and pushing it forward again. You asked for one thing but this is two things. That is fine. You could probably go with one more if you want. No . If i had a magic wand, we would have the human capitol coming out of undergrad programs are graduate schools with the skill sets that we need. Not just an essay, but across the private security sector. We have electrical in an ears engineers, some of these folks represented in the audience, people have an understand of technology, but maybe humanity majors can translate technology into relevant discussions at the director ci level. We have a Phenomenal Group of people, but not enough. I think we have the academic programs across the country to develop, maybe not 10 x, but maybe along those lines. I think we needed to do a better job in the Intel Community for people with those degrees. With nonstem degrees but a interest in technology, in particular cyber technology, if we do not, we will not have enough human beings to deal with it over the next decade or two. To piggyback exactly what he was talking about, i would say that this industry, it has always been short staffed. I do not see that changing, but we are trying to come up with innovative ways to solve that problem. One of those, we are trying to manufacture, to get better Training Programs that are more action oriented around exercises and better preparing people for this career field. Also creating an environment where people want to come to work every day and sort of things her head against the wall and solve problems that are not necessarily meant to be solved. We have to create the special involvement for talent and industry. Just the space in general. The second, leveraging all the new technologies whether it is ai, whatever it is, to better enable the work force that we have to be more effective. Then, i could probably if i had that magic wand, until we could solve that problem or bring it collectively together, if we could simplify this problem there is 15 steps, whatever it is, if we can have fort teen that we could focus that much better, as a collective industry could be that much more effective. Thank you all. Any Closing Remarks that you all would like to make . Thanks for hosting us and giving us the opportunity to talk about these important challenges. Comments about talent we have to figure out how to attract and bring out the best in every part of american society. Bring them in, bring people in, get them the training they need and the meaningful work that they deserve. Then figure out how to let people go and bring them back . Right . Because part of being a good partner, is learning what your organization looks like from the outside and how the industry works. How the agencies work. Thats one of the things we are really thinking about hard in Cyber Command. How do we do that . How do we leverage our alumni networks, to make it easier for people to come back. How do we leverage the talent of the National Guard and reserves . Its really great to see that happen. To see a couple thousand young people we have on a Cyber NationalMission Force come to work every day and persistently engaging adversaries and really defending the nation against common threats that we all face. Excellent. I want to say, thank you again. To the collective point, having a venue like this summit to get the message out for many years, ai, and particular has been a black hole. I would love to figure out how to work there but i do not know where the front door is . Hopefully we have been doing this in other venues the past year or so, trying to get that message out that should be considered an employer of choice for technology. We just have to keep getting the message, not just in washington, but across the country and the private sector. The Academic Institution so we could get people coming out of school directly or in the private sector already, who want to spend time in the National Security arena. Then go back to the private sector. We are trying really hard to accelerate security clearance process to enable that. We are not there yet, we are getting there. I think it is critical, or we will not get where we need to be from the cybersecurity perspective. I would say, thank you. Its been an honor to share the stage with you this morning. Thanks for being a great moderator for us. I think the thing that has come out of this panel, the message a partnership. Whether it is government to government, industry to government, as we have heard all week, the problem is not getting easier. It will take all of us working together to solve it and coming up with new ideas and solutions. There is lots of opportunity in front of us. Thank you for the time. Thank you to the audience. Er personnel work to ensure our er nation is secure. With our next panel, emerging cyber leaders, we wanted to ovid every day thousands of e yo personnel make sure our nation is secure. With the next panel, emerging cyber leaders, we wanted to provide you with the up . Of what it looks like at the operational level. Our distinguished analyst make decisions every day based on the realworld events that they are addressing everyday. Moderating this panel will be, byron love. Associate director for program management. Joining byron on stage for this discussion, director of ai, cia. Kenneth chu, fbi. Managing director, security customer success, microsoft federal. Lieutenant colonel stephen, joint Task Force Commander, Cyber NationalMission Force. Please join must. Welcome them to the stage. Good morning,. My name is byron good morning,. Good morning, everyone. As the announcer said, my name is, byron love. Im supporting the sub Security Intelligence and services business. I have been looking forward to this conversation all week. As you have heard, there has been many great speakers here at the billington conference. All at the senior level, but, cybersecurity looks different from the trenches. With these great cybersecurity emerging leaders. This morning we will have the opportunity to hear unique perspectives on leadership from law enforcement, the Intelligence Community, the military, and from industry. A great way to start is with introductions. I would like for lieutenant colonel, allows us to call it, steves day. I appreciate it. Cyber warfare officer. In the army for 16 years now. Currently serving as a joint Task Force Commander in the Cyber NationalMission Force. Masters degree in computer science, master degree in computer science, doing the job that i love in the army. In the Cyber National force, i lead the team of about 150 individuals across the United States army and the navy to help defend the nation. I am the managing developer for microsoft. What that means, i lead a team of amazing technologists that help our federal customers achieve security outcomes for microsoft solutions. Ive supported some form of regulated industry throughout my entire career. Im really focused on the federal government. A lot of different capacities, including operating programs and serving as a contractor for government. Thats what calls to me and thats what i tried to install in my team, as well. I thank you for this panel. For helping us here, and im excited about being on the stage with you. Amazing, amazing, speakers. And the director of with the cia. I started 21 years ago. I worked my way through as a developer and a program manager. Software Development Efforts until i moved into the current job. Its about driving ai strategy and strategic implementation across the enterprise. Its exciting, it is new, and im happy to be here with all of you. Who did not hear me . Do i ne . Do i need to do it again . All right. Director of ai at the cia, i started 21 years ago. Started as a developer. I worked my way through program management, running enterprise. It projects. Enterprise data science, to include the entire management of data science, finally, to my current position as the first director of ai for the agency. It is really about driving the agencies ai strategy and strategic implementation. Good morning. I am a unit chief in the cyber division. I have been with the fbi for about 18 years. In that time, i actually supported a couple missions. Counterterrorism division and in 2016, supported fbi cyber National Security mission. I had the great opportunity to work with partners, many are here on the panel today. International partners, i am happy to be on this panel to talk about how i made that have a very awesome. Thanks to you all. We have some great . Against and talent here on this panel today. Lets get started with the first topic. Cybersecurity challenges. Cybersecurity environment faces a myriad of challenges. Many that you guys face that i have no idea bye. What are the Biggest Challenges you face when it comes to meeting the requirements for your job . Who would like to go first . I will start off. I think cyber is a inherently challenging domain. You will probably hear that challenges across the Cyber Enterprise are not too dissimilar. When i think about advances in technology over the last decade, even the last five years, its rapidly evolving environment. Not just for us, also adversaries, as well. At the Cyber NationalMission Force, really no shortage of people. A lot of people across the military services who want to join. They want to be part of the mission. They want to help defend the nation. Training those people and obtaining them, is a opportunity for us. Getting people to stay, getting them exposed to the mission, is something we are able to do to help drive people to stay and be part of it. If i can build on that, the same thing for me. Its a human challenge. There is a challenge for the effect that you do not have a shortage of people. There is a challenge of shortage, for context, when we build our organizations, we hire for adding to our culture. One thing nonnegotiable, we hire people who are passionate for the craft industry. The partners outcomes. We have a situation where we have less capacity than we have demand, it creates a tense situation. When you have a bunch of passionate individuals, what ends up happening, we are not the little engine that could, we are the little engine that will pay people start loading themselves up with more cargo. The wheels fall off the track if you load up too much. Shortage and capacity was yesterdays problem. Todays problem is exhaustion. I think that is a big area. I think recognizing not only the people, the managers get exhausted and burnt out, too. I 100 agree with that. We are all running at 1000 miles an hour. It is important that we are thinking about the people who work for us and their willingness, and how we can support them, but also get the most for our mission. When im thinking about the ai cyber nexus, there are other things we are thinking about as challenges. The Data Availability and quality. We are working with industry partners, how will we integrate any potential solution they might have aimed toward our systems . They are very unique from a security requirements perspective and all these types of activities. We also need the right talent. I am sure everybody in this room, we are all trying to find Artificial Intelligence practitioners who know how to do this work. We need to be able to do it with ethics and legal implications in mind. Trying to put all of that in the place, you know, it takes time. We are still working through those challenges. I cant agree more with everything that everyone has side. Resource and management is a real challenge in the fbi. We are always trying to focus on over the verizon threats. Trend right intelligence, that means china do more with the same amount of resources, while also paying attention to who the consumer is. Thats multiple levels which includes high levels of government, the private sector, also the public, in our messaging. With that in mind, burnout is a real concern. I tried to take it into account that if my people want to build a career, i want to help them do that. If thats what the cyber mission, that is great. The fbi has a wide set and if theyre interested in another one, i will support them. That keeps him on my team longer. Building their expertise wider. The challenges around people , we have heard a lot about the shortage of personnel that have talent to operate in cyber. Opening up more paths for individuals to come into cyber and taking care of them once they are there. That brings us to the next topic. The positive work culture of making cybersecurity environment a place people want to work. The pace of evolution of Cyber Threats is overwhelming. Along will come a barracuda day. The actors are now using ai. It piles on top of each other. How do you build a positive work culture during stressful times when our Technical Resources are short, and you have more need than money to get things done . I am happy to start. In the fbi, we try to focus on the mission for the cyber mission. In order to keep my people focused and engaged on the mission, they have to feel like they are involved in the mission. Last year i had the opportunity to employ one of my analysts to albania in response to a cyber attack. In the world of Cyber Intelligence, to take the network abilities and to explain to them, so anyone can understand it. Second commanders can understand. She had the opportunity on the security council, highlevel government, it is those opportunities that i think people keep coming back for. They are exciting and new. The air career building. To get back to my earlier topic, for those who want to build their careers. I also think that when you are leading an organization, the people in the organization are looking to you to create that culture. I think its important that you are communicating your values and your ethos to them. Whatever that may be. Then you are living it and demonstrating it. Not only talking about it. You are acting it out every day and they see it. I also think that the people in your Organization Need to feel valued. They need to feel that what they are doing matters. They need to feel rewarded. I think if they are seeing the fruits of their labor, not only you see positive outcomes, and they are feeling value, that brings out a positive culture. I build on both of what you said. Its the same thing, maybe i will frame it as three things for me first, it begins with communications. That means to listen to what your team has to say. It means, communicating transparently. When you do those two things, and they see your acting on what you told them, your acting on what you heard from them, it builds trust. Your executing on what we told you and you are honest with us, even when we dont want to hear that answer. Think about leaders that you followed, you felt supported like you could run through a brick wall for that person. I think that is a big part of it . Communications. Clarity. You mentioned, shared purpose. There is a clarity for the individual, as to what role they play in the mission. There is also clarity for how that fits into the Overall Organization and makes the Mission Effective and achieves the organizations purpose. It was mentioned before. And, recognition. Absolutely, recognition. Ive got infinite pockets of money, i would love to say that where i could give out rewards. You want to recognize for impacts. Recognizing everyone is not recognizing anyone. You want to recognize positive impacts. Compensation does not have to be the thing. My team, we commission a nerdy coin where on the back there is a message written in binary. We give out coins to a bunch of folks on our team. Lets the entire team see in a public form what you value. I got a call from one of my team members about a month later and was like, compensation is great, but i want a coin. There are different ways to motivate your team to recognition. I love that. Building on what he said, building a positive culture, those are the types of things that come to mind. Having a unit identity. A coin, colors, a model, things that people can identify their mission set and give more credence to what they are doing. Our motto is, people first, mission. I found through my career, as long as you take care of the people in your organizations, the mission will follow. You will have people medicated and dedicated toward the mission. Building on from before, it is easy and the challenge of under work. I have seen great culture where people keep fishing, they keep busy with the missions i have. They keep busy, that has helped improve. Absolutely. Retired military air force, we learn excellence in all we do. That carried me throughout my career because leadership becomes part of our pattern of life. Our adversaries, leadership is part of our pattern of life. Its observable and we mimic behavior. I applaud you all for setting those examples for the people who follow you. You all are effective leaders. That is the next topic. Each of you represent different sectors. As a result, you bring a unique perspective to cybersecurity leadership. What is one positive thing you believe has helped you to become an effective leader . Jay, we will start with you. I am going to lead from the front. I think it is the way i am wired, its part of my ethos. Whenever i started my career, i want to do every phase before i can be a p. M. My role in security, i want to be a engineer, an architect, for me, i think its being able to engage with the team at every step of the process. But not take away from them my focus is to look at the force, the forest for the trees. I set the guard rails for, are we still achieving our purpose, our vision, our strategy . This has extended to the team culture a little bit. I have a phrase that i say whenever we are engaging anyone, alyssa send a fee. As we engage customers, i have a thing im working on, i will ask you on the team has set in the sea . Whether they performed that capability, or they lived that mission of that customer, it builds. Having the perspective of, those that sat in the sea, that became a part of our culture. I loved what he said about guiding and directing. The ability to know how to build that team and have, to bring the right people to your team that can fill the gaps none of us can do this on our own. None of us know the right answers. We are not on top of every part of it. The team you build is so important to help you fill the right gap. Both from the subject matter, the expertise perspective, and a culture perspective. You want it to be a positive place to work. I think on top of that, what helps every leader, having a curiosity and learning mindset. I think being really interested in what you are doing is a positive. So you, yourself, are building acumen and leveraging your team. They are always not going to be there to answer your every question. Its of the importance to have team identity. Just like everyone has been saying. It is important so they understand what their role is in the mission. In that, identifying what a winning team looks like. Identifying what type of personnel you need to fill those gaps so you can build a team that volunteers for more things. And takes on Career Opportunities to fulfill the mission. I dont think i wouldve been in my position now, if i had said, no, to a lot of opportunities. I said, yes, to a lot of things that i was not prepared for. It has been beneficial. It is important to bring that spirit to the teambuilding aspect. I know that you asked for one thing, but i have two that i want to talk well. The first positive thing, having had leaders who allowed me to fail. To try Different Things and not be upset when it didnt work. They trust that i could get past it and the team could get past the initial failure. If we did not fail, we probably were not trying hard enough. I appreciate that as a positive aspect or the other, when i was just starting out my career, learning the value of teamwork and what i was capable of. When i was given tasks, i could easily accomplish those myself. I had a leader pull me aside and say, hey, the success of the unit is not whether or not you accomplish your task, its whether or not everybody does. Not being the leader, looking to the junior members and helping them feel that the team can do much better when we Work Together, having them truly believe in that concept. The trust that you mentioned, that has to be earned. If the listen to your people and take action on that. By doing that, it builds trust. Team leaders that are supporting us. I like what you said about the delegation part of it. I had a general once teach us, a group of young officers, if something comes across your desk that is fun, it is not for you to do. I agree. Everybody needs a chance to shine. They have to have their opportunities. Absolutely. We talked about the one thing we would do on a positive perspective. What one thing that you did while perhaps not overly positive, still help shape how you make decisions . Who has not gone first year . I will go first. I do not know if i look at a specific thing, but i think the thing that helps me make decisions are the diversity of experiences that i have had. I think its really important. People would come ask me for those types of, how do you do what you do . You have to build your toolbox. You have to get the diversity of experience. At a certain point, you are making decisions with very limited data points. Youll be called on to make those decisions. What those in that data when you dont have data points for the experience you have. I think its really important to have that diversity, to help inform your decisionmaking. That make sense. This is a personal thing, but for me, absolute clarity on what this is. It was when i first moved into management. I really wanted to be successful in my team to be successful. My first opportunity was not going to go wrong. What i found, there is a difference between being accountable for your team success and empowering them to be accountable for their own success. It was a hard lesson, because it started off let me tweak and tune i was hoping to make sure our team achieved the objective the best we could. It took someone punching me in the gut lovingly to tell me that you are spending more time helping than we are spending working. That was a big lesson for me. It is rolled into how i lead and engage in manage my team now. I will set early deadlines on things, because not distrust them out, i frame it as, lets get ideas on the table early. Lets give ourselves time to iterate so we can be accountable for our own successes. Not, i am fixing something at the end. Thats a big thing. A lesson for me, i was recruited into the Cyber NationalMission Force after winning a hacking competition when i was a officer. Whenever showed up, i was a little bit arrogant. Fortunately, i had Senior Leaders who helped me realize the value of being humble. They did it in a positive way. I viewed it as a negative on myself. I was bragging, but i came to this organization was a great mission, and there are a lot of other people like that. The opportunity for mentorship there and the value of remaining humble whether it is you, people on your team, or the whole organization, staying true to what you are actually doing helps. I think it is important that the team understands my role in the team. Not just setting direction, but understanding on the daytoday basis, like everyone has said, i could do the task that has been assigned. It is more important for them to do it. Getting the exciting things, the experiences, to build their toolbox. To do diversifying aspects. They can come to me for problems and i can be the problem solver. I can work with them so everything is done in a standard way, so things are accomplished in a timely manner to meet the deadlines. As of that nature. Understanding what my role is on the team. You mentioned problem solving. Jay talk about being punched in the gut. Dealing with conflict is a challenge for the leaders. I found it important from different conflicting perspectives. Even though it might be hard to hear and to take the punch, that tends to make the team better. Its a natural part of organizations to add conflict and how we manage that, that is important. How do we motivate . The next topic. One of the challenging aspects of leadership, motivating different types of people. What are the key motivators for you, your team, and your people, as you strive to serve in your everyday job . Im happy to start on that one. I came to this question and i did not have a framing for it. Then i sat in a session and she talked about it as a symphony. The analogy i look at, our team is like an orchestra. We are the conductor. What that means, understanding each individuals unique passion. What makes them tick . Our role is to align their passion to our objective to the mission and community and the people that we serve. That is our role, and alignment role. I would love to say this is the lego movie. Not everything is awesome always. There is general discord. What happens in those situations, really focusing on that persons passion. If you have a diverse mission, find a way to get them to reach their passion. Sometimes as a leader, you would take the pillar of your organization as one strength, and move them to something they are passionate about. Thats kind of scary to say, i count on you for this, but im going to move you somewhere else it every time i have done that, they get so much energy and motivation, they bring it to the mission that you align them to. The other people they work with feed off of that. Its like my sixyearold, she is always watching me kind of thing so other people see that you are willing to invest in your people, find them an opportunity to do what they love in your organization, and that is retention. Some of the other things we talked about, knowing your people and genuinely knowing what motivates them, because it is different for a lot of people. There are people i work with and see the Cyber Command facilities is motivation on its own. A lot of people are like, i am driving into work for some people, that site is motivating. One example, i had a Young Software developer working in a room developing software for the Cyber NationalMission Force. He never got to see it used. In his opinion, he always develop code, it went somewhere, but he never got to see the result. Bringing him on a mission to see when it was used, was the single thing to motivate him. He got to be part of the team as the used the things he developed, that got him to stick around a lot longer than he was going to. He got to see firsthand the impacts. He got the and formal recognition of what he did was valued. Perfectly i could not agree more about personal motivations. Understanding your team, figure out what they like, if they like travel. Getting up in front of a crowd and being able to to sit side by side with a Mission Partner to find a solution to a problem. You can start to map piece was the motivations. I feel like i get a free pass for motivators, because where i work, the motivation of mission is threaded through every officer who works there. If you ask anybody from top to bottom what motivates for each mission . People from the Intelligence Community and security, feel like they are part of bigger than something of themselves. Its very special. Giving people the opportunity to solve unique problems that we often get to do, is a really powerful and potent motivator. They want to work for us because we have cool problems. We often do not talk about it. You cant talk about it verse two i want. The motivation like every other speaker has said, is key in the fbi. Getting to know my people if they want to work on ai, lets get them to work on that. If you want the private sector, we will get you there. It all seeks for the opposing cost on the adversary. Just like the cia, people want to join the fbi at an early age. It helps that we have a lot of tv shows that motivate people. I would like to say the fbi is like the tv shows, but is not exactly the same. But, you know just getting them to also understand the impact of their work, to see the product that was briefed by the president or to the president , to get their feedback, that is motivating. We are getting close to the end of time. Take about 30 seconds and talk about driving production, productive change and innovation from your perspective. What does it take to drive productive change and innovation in your dynamic environments that you work in . I touched on it a little bit, not being afraid to fail. Not accepting, no, for an answer. A lot of times when you are working something for the first time, it might be scary to hire leadership or staff to help improve. Settling those fears and talking through how what you are working can be successful. Why you need to innovate to continue to work the mission. The risktaking, we have a phrase, i will not get into, you covered it. Im hyper passionate about this. Our adversaries are creative. When we identify ways to mitigate them, they find ways around it. We need to be creative to combat that. What we need to do, we need more diversity within the industry. It is when we bring many voices together, listen to those voices, we get the best idea, the best creativity. That creativity is what was for the innovation. It is all about bringing a lot of people together and listening to them. I agree with all of those perspectives. I think it also is a convergence from the topdown and bottomup. It is the people who are boots on the ground who understand the problems to be able to innovate against those problems. From the top down, we need to give them the space and ability and resourcing, to perform the innovation. Its really important that those converge. Discipline is key. Its necessary to try a new innovative technique or skill. It is important to understand what your team is in resourcing. Going against the adversary, is not just my unit or the division, or the fbi, the resources and private resources, so we know what all of the options are . As he sat at the first session, at the end of the day, leadership matters. The emerging leaders before you here, matter to the mission of our nations cyber. I want to thank you for your commitment and conjoining to the panel and this conference. Please join me to give these sub security emerging leaders a round of applause. Nonfiction book lovers, we have a number of podcasts for you. Listen to bestselling authors and interviewers. On the afterwards podcast. At a few a day. Here conversations with nonfiction authors and others who are making things happen. Hourlong conversations that regularly feature authors of nonfiction books on a wide variety of topics. It takes you behind the scenes of the Publishing Industry with insider interviews. Industry updates and bestseller lists. Find all of our podcast by downloading the free app. And on our website. See some. Org podcasts. Cspan, the unfiltered view sio companies and more. Including, media calm. And madea, we believe whether you live here are right here, or out in the middle of anywhere you should have access to fast reliable internet. We are thinking of ways to help you. Media calm giving you a front row seat to democracy. Kathleen hicks, unveiled a new Defense Program aimed at spurring innovation to compete which unabed