>>This is KAREN. I'm still a little tired. So without further adieu we'll get into the talk. >> Hopefully you can hear me okay like this. How are you guys doing? Having a good DEF CON? Welcome to Sunday afternoon| track one, also known as the after party track seeing that everybody has had a pretty wild weekend. I guess you guys might be hung over. But let me ask you, how many of you are here at DEF CON for the first time? That is a lot of you guys. Give yourself a hand. You made it. You are no longer DEF CON virgins. All right! And the reason I bring that up is because this is actually my first time speaking at DEF CON. And I am extremely excited and a little bit nervous to be to be honest, to be with you here. But the reason I'm here is because I honestly deeply and firmly believe that hackers can have a positive impact on the world. We can actually save the world for generations to come. Now, I know that sounds like a tall order, but I'm going to take you through it SXISHGS hope by the end, we'll make true BLOOEFRNs out of you. My name is KEVIN.... For those of you who find it difficult, you can find me online as Karen E. Or also known as special K in certain circles. So let's get the show on the road. A little bit about myself, I've been in the security industry for almost 15  years now. I've worked with a bunch of fortune 500 companies, consulting firms, government agencies, think tanks, academic organizations. All across the board. Security operation, product management, intelligent work, but that's not why I'm here today. I'm also on the advisory board of a pretty cool crypto currency (indiscernible) five. For those of you know crypto no, ma'am son. Yes the company is named after the one in the book. Thank you. But again, that's not why I'm here today. Actually, this woman is the reason I'm here today. So that is Angelina Jolie right? She portrayed acid burn in the 95 film hackers. I was 14 at that time. And I can see you doing the math trying to figure out my age. I'm 33 now. So, I'm going to save you the trouble. It's Sunday. When I saw this movie, I instantly realized that all this stuff that I like doing was actually called being a hacker. And it's a thing. And girls can do it too. And hackers can be heros if they want to, so that is why I'm here. Now I have another confession to make. Like I told you, this is my first time speaking in DEF CON. I've always wanted to speak here and I've actually been submitting talks for years and I could never get in. So then last year, something exceptional happened to me. I was invited to speak at the little place call Ted's. Those of you who are not familiar with the concept, it's a pretty high profile media conference where they also film the talk and put them online and then millions of people watch them. Naturally I freaked out. I was also certain that I might get hacked for giving a talk about hackers. But then thankfully, I learned that ran dell from (indiscernible) was also going to be there. I so I was relieved. I thought everybody was going to pay attention to his comments and cool stuff and not notice me. I also realized it was a once in a lifetime opportunity to use the (indiscernible) platform to hack into people's minds. To get them to change the way they see hackers. The way they think about us, about this community that I've been a part of that I believe can do positive things. So in order to make that change happen, I created a virus. A mental virus. An idea that would stick with people as they watched the talk and hopefully would propagate and spread on ward. And that ideal was hackers are a vital part of the world. That we are actually kind of like the immune system for the information age. And that it falls to us to find the vulnerabilities and force the world to fix them. Now I didn't know how well this message might come across and I am humbled and overwhelmed and excited  ‑ ‑ I think the virus worked. Because almost 800,000 people watched it shared it. And so apparently, outside of this conference, outside of this community, there is a willing audience ready to start looking at hackers differently. Expecting us to start being those heros. And so it's time for me to be here and come full circle with you guys and tell you about how we can be those heros and how we can make that change happen. Now I'm not a futurist, but I can offer one prediction with regards to the technology of future and cyber space. We don't know what's coming around the corner. Technology's changing so fast. But if we leave our digital future, our civilian and government infrastructure, if we leave all of the technologies we rely on solely in the hands of governments and multinational corporates, guess what guys, they will mess it up. Now we can argue about the degree and measure of failure that is going to happen. But based on past experience, there is no reason to expect things to be different, especially with the way certain governments are looking at cyber space. So I think now is the time, now is the transformative time in history of technology and it's the time for hackers to start making that kind of impact. But in order to make that happen, we have to make a choice. We have to decide that we are willing to be part of the solution and not part of the problem. So today, in order to make it easy for you to make the choice, I'm going to walk you through some of what I think are the biggest thorniest, hairiest problems and why I think it does fall to hackers to fix these and we can't leave it in the hands of government. Now let's start with what is perhaps the chunkiest problem of them all. That is the cyber problem. I know cyber's been, they lose it to a drinking game. And I will happily have a drink later, but I think there is a good reason to talk about securing cyber space. And not just information space, or information policy. And in fact I will also buy a drink to anyone who can tell me right now where the word cyber, or the prefix cyber, not the noun, not the verb, but the prefix cyber, where does that come from? Raise a hand anyone? Yes? >> (Inaudible). >> Yes you are correct ma'am, in fact. Very nice, I will buy you a drink later. The lady mentioned it has to do with a Greek origin. Let me give you kind of short history lesson about that. This guy, professor nor bit weaner, that's his real name. He's a man  ‑ ‑ he was a math professor here in the United States. And in 1948, he developed a new scientific discipline called cybernetics. He came up with after he saw in World War II what new remote command communication and consulting technologies were doing. How radio has been transforming the (inaudible). How the new concept of digital computers is influencing signal intelligence. And how new technologies out into the world are making a transformative change. So to (indiscernible) all of these different control and communication systems in the animal in the machine, that's the name of his book, he used the term cybernetics. He didn't even know the type of technologies they have right now. But he did boar refrom the ancient Greeks and rather for their term, for the guy running the boat, the (indiscernible) commanding controlling, and communicating orders. That guy is maybe called in English a captain, but in Greek, it is called the (speaking another language.) And that is the source for cyber. And actually my home language of Hebrew, we still call the captain of a boat, also the guy running the country (speaking another language.). it comes from the same origin. We can make fun of cyber and whether it's a relative term or not, but cybernetics technologies controlling and commanding stuff, this is how allow human kind to have freaking laser shooting robots running around on Mars. But also tweeting about. This is all apart of the same problem space and I think this asterisks describes securing these technologies as cyber security. In the past 25  years, these have been the software environment, an IT ecosystems where most vulnerabilities were being (inaudible). This is a top ten organization and software environment and have the most vulnerability TS according to force fire. 25  years of vulnerability report. That's been our history. But the future of our (inaudible) is not going to be about information technology. It's going to be about new devices, device  ‑ ‑ not PCs, not web servers. Devices, watches, ATMs, (indiscernible) cars, that are running these vulnerable software. And it's also going to be about all of this other stuff. Radio frequency and global (indiscernible) systems. And aircraft control. So this is a lot of different technologies coming together. The same stuff that allows the university of Texas hackers to hijack the course of an $18  million yacht by changing the signalling of the position information that they were getting, by sending out positioning signal that was stronger than the one that was on the boat. They tricked the actual (indiscernible) man, the actual (speaking another language.) Of the boat and sent it going someplace else. It's the same stuff having setting people take control of instruments. And yeah, cyber security is also about protecting a blue tooth enabled toilet. So you know what guys, there is not one single government vendor or any entity that's secure all of this stuff. It's a complicated problem. But not only that, a lot of these vendors and governments are like new shifts have come to life, man. And we have got to stop and wrap our minds around this complicated boggle. And they are somewhat correct, but you know what else? Some of this is old shit connected in a new way. And the only reason it is coming to light in the first place is because hackers are exposing it and showing those vulnerabilities. So to quote to late barn bee jack, sometimes it just falls to us to demonstrate the threat so we can spark the solution. And I wholeheartedly agree. I think we have to keep looking at these new technologies. Because there is no better (indiscernible) than the light of day. If the hacker community makes the point of researching vulnerable technologies, whether they are blue tooth enabled toilets, smart homes, cars, medical device, we will make some change happen. And it is going to take a bottom up approach. Not a top down solution created by one company or regulator or one government. You got to research what matters in the worlds of josh and Nick from (indiscernible). Just one years ago they showed I think in this very room, in fact, (indiscernible) Sunday right? Telling hackers about why we have to start focussing our research and efforts, researching technologies that matter for protecting human life and public safety. And yesterday, after a year of activities, they showed the progress they have made. With research in medical device security, automotive secure, smart homes and infrastructures. And I encourage you to check them out and see what they're up to. But that's not the only way you can make a difference. There are many different ways. And I'm going to go into that in a second. I think I have to make a quick stop now. Hi guys. So umm, I have a nice life over there. No ice for me. Another way to contribute and make positive things happen, ooh wow, that's nice. So, this is a bottle of 12‑ year‑ old (indiscernible) whisky I believe. Thank you. (Applause.) >> 'Cause that's how she rolls. >> True that, I kind of make a point mentioning to them I am a single malt girl and I will not drink bourbon Tennessee, other types of whisky. So building securely is a project  ‑ ‑   ‑ ‑ to offer internet of things security for people that are developing (inaudible) project. So it's an easy way if you're interested in some things, it's an easy way to get information project. And before I move on to the next one, thank you so much. >> It's really hard to get accepted to give a talk at DEF CON. Let's give a big round of applause for our speaker. Show the love. (Applause.) Cheers cheers. >> Thank you so much. >> Thank you. >> (Speaking simultaneously). >> I'll check in later then. >> Okay. Thanks. Cheers. Thank you guys. I appreciated that I got a glass right. >> (Inaudible) long talk. >> The reason I only drink single malt WIS key in a real glass is because you know, it's spent 15  years in a barrel and then some time in a bottle, I just can't bare to put it in a plastic disposable cup. You know what I mean? All right, on with the show. So the plot thickens. Even with the best intentions in mind, those governments and vendors are not going to be able to solve the problem. But guess what, some of them don't have the best intentions in mind. In fact, there are huge resources at work actually keeping the world vulnerable. In the past year, we've all been perhaps shocked to learn exactly how much money the NSA has been spending on buying a our vulnerabilities. Then we learned they even went as far as to pay a security company to include the deliberately weak random number generator and make it a default in one of their core (indiscernible) qualities. Now a few months ago, as the openness vulnerability became known to the President Clinton, it was also alleged that the NSA has knowledge of this and expected it for years. Now that might not be true, but it is safe to assume that similar things have been going on. And so there is a little bit of a paradox at play here. Because security agencies, security agencies have been making the world deliberately insecure. And that's part of the problem we have got to be facing. What's really making my own heart plead if you don't mine, is STOIry stories like this. Cover of time magazine last month. You probably haven't, but you've seen the headline. It says World War 0. The global battle to steel your secret is turning hackers into armed dealers. Get it guys. We are the armed dealers. Not the government agencies. Not the vendors, not the companies selling 0 data to the highest bidder. This really does break my heart. Because I think a small group of people making a profit by selling 0  days is painting all of us in a bad life. So what's the solution to this? How can you avoid being the armed dealers. I think we can start by not keeping our (indiscernible)s to ourself. Tip ST scale and disrupt the 0  days on vulnerability market. Yes there will always be 0  days.   ‑ ‑ before the bad guys do, we're going to make their life harder. And in fact, the reality is, never before have there been so many different avenues for hackers to disclose bugs and didn't get paid for them. We all know about bug bounty programs like competitions like (indiscernible) to own. There are literally dozens if not hundreds of bug bounty programs out there by specific vendors. I think that's a fantastic thing. It's transformation in our industry. There's also the internet bug bounty project started by (indiscernible) first and hacker one. That is a great avenue. Hi. Casey's right there by the way. Give her hand. (Applause.) So things like the internet bug bounty is this fantastic way to have an incentive  ‑ ‑   ‑ ‑ that are maybe open source or not managed by specific vendor and still get paid. And I think that's great. Google's announcement of project 0 also give us some room for hope. But again, the plot thickens, and it will need our help. There are a lot of companies and organizations that do not have bug bounty programs. That do not have disclosure policies. And the reason they can do that because they can afford not to have that. They can sweep up the bugs under the carpet or ignore them or pay a little  ‑ ‑ or pay a lot to those companies selling the bugs quietly and never fix them. So we have to work that much harder. We have researching vulnerability disclosing them. And make it so these companies and organizations cannot afford not to have a disclosure policy in place. Or a bug bounty program. Again, there is no (indiscernible) infection than the light of day. And it is going to take a bottom's up approach. When I say bottoms up... (Applause.) So we don't have to be polite about disclosing vulnerabilities. We can start polite, but if they don't listen  ‑ ‑ database. But I see some of the faces here in the audience are still kind of like this. Not convinced are you? Why should you care right? Just security professionals, you want to protect your own little piece of heaven from all the bad stuff out there. You want to be doing your stuff and not let all the bad stuff touch you. Well I want to tell you two more reasons, two more problems why ink each of us as a security professional needs to care about securing cyber space as a whole, a big problem space of all technologies. The first reason, which is burden overall, we are only as weak as our weakest link. That's not a mistake. We're not as strong as our weakest link, we're as weak as our weakest link. In the past year, we learned you could be a retailer have a multimillion dollar security program in place, you will still get (indiscernible) because you're lame as  ‑ ‑ out of bumps wherever, didn't bother to put antivirus in place. You can be one of the world's leading security companies and develop the cutting edge one time pass ward security (indiscernible) mechanism. All it takes is one e‑ mail, one spear fishing e‑ mail to your parent company with one slash vulnerability embedded in an excel file. Not X files. I was a fan you know, so. Still waiting for MULDer. Anyway. This is all it takes to implicate that multiple dollar security company in the fact that the J 22 model out of change due china looks a lot like the F 35 model made by Lockheed Martin. And so, it might be a question of time before one of your providers, your partners, your customers, your employees, will mess it up. And get you owned in the process. So you have to care about the security of other organizations and people you are in touch with. But this problem also has another aspect to it. And that is everybody's actually on the front line. Guess what, there are no fierce cyber warrior defending the perimeter. Because there's no perimeter. We are all civilians in the cyber space and using the same infrastructure. YOUN those people who say why should I bother to secure my Facebook account. If you're not part of the solution, you are part of the problem. These are exactly the people and organizations and companies that don't bother enough and then their resources, their digital assets, their cloud and social media profiles and e‑ mail systems become just a launching bad for the next effect on you. Now I'd like to move on because I think if we don't take the time to solve this problem, then we are all going to be part of a bot net or our machines are going to be part of fishing campaigns. We all heard about these problems. They're pervasive. So what can we do faced with a complicated nature of this problem? You could always join the Amish. That might work for some people. But that's (indiscernible) bones. Yeah, they now have smart phones as well. That's a good point. So maybe the Amish are not that safe anymore. Perhaps another approach then might be to start working together. To start collaborating and not being shy about saying how exactly we were breeched and what were our problem. Reaching out of your industry, your sector, your community, there are so many information sharing programs, so many ways to share this technical and practical information about, how you got own so the next guy doesn't. ‑ ‑ I'm saying you should be doing this, collaborating and sharing information because you're going to be a text next. And you're not knowing the malware is coming at you unless you talk to your partners and competitors at times. But where we are going to get I think the most bang for the buck as it were, is by empowering the mass  ‑ ‑ the shiny happy people that don't think they have anything to hide. Nobody's looking at them, but nobody's interested in the device of their machine, the credentials et cetera. These are the people we have to start talking to. And there are various ways to make that happen. One thing I like is crystal parties. These have been hugely popular in Europe and Germany. And there's a wiki and how to to throw a crypto party in your home down. It's a community event where you teach basic security, privacy and cryptography measures to regular people. But you don't just teach them, you actually configure the stuff on their devices. So maybe they can learn how to use PGP. I know it's a bit hard. And other ways to be supportive is policy organization that changing public opinion by raising awareness but also challenging and renegotiating the terms of engagement with government civilians and the technologies in between. Now I'd like to tell you about something pretty cool that we actually did back home. Which is a little bit out of the box I think. We called it red cyber team. And this is one of the group of volunteers. Maybe one of them is even here today. (Indiscernible) you around? All right. He's hiding. So this was a group of volunteers. People who are (indiscernible)s and in their day job, they do security assessment. They brought themselves together, and in the course of a few afternoons, maybe a month or two, they visited a local hospital outside tell VOOEF. That didn't really have budget or awareness or security issues at all. After they went in is and show it had hospital management exactly what they could do, that turned things around and that got that organization to pay attention to security. They did follow a code of ethics when they did what they the did. In the end, they only got a (indiscernible) hat and the fit feeling that they did something good. I'd like to offer you a way to own some bonus points if it were in the effort to make the world a better place. I know that sounds kind of corny. Sisco estimates that we're going to need one million more security professionals in the coming year. Now, it's time we started procreating. It's time that we, as a industry, yeah right? It's time that we as an industry begin propagating and making more supported specialists out there. You can do this by reaching out to someone. Creating a mentor.   ‑ ‑   ‑ ‑ company or organization by talking to people. Something I do a lot is go speak with computer science and engineering students in high schools and colleges. And I just tell them what they can do in the cyber security industry. And they seem pretty excited. And I hope many of them become security professionals. Now you cannot do anything about this. And guess what, there will be one more, one million more security professionals. Because the market is going to need them. They're just not going to be as qualified as you guys like them to be. That should be an incentive to start reaching out now. Overall, what I'm suggesting is that we empower these shiny happy people to be a bit more like us. Right? To be armed to the fists, to be there with us on the front line. Because they're only going to be as secure as we help them become. And if we don't, they're going to drag us down. So that's one way, or actually I described a couple ways you can do good things. But to kind of wrap things up, I'd like to ask you who here knows what has been a phenomena causing power outages in the United States that's also (indiscernible) on  ‑ ‑ in the past 20  years. I'm sure somebody can guess. That's right. It is the squirrels. You guys know your stuff. For those who don't, in the pretty extensive SUR way, the New York Times did last sum E they found out squirrels munching on power line|s, I mean the actual animals, eating power cables were the cause of a lot of power outages. This was actually mentioned here at DEF CON by I believe (indiscernible) a  ‑ ‑ Yes we don't see billions of dollars persistent squirrel preventive technologies. A mystery. This is because the the fuzz of cyber has taken over. We can raise our hands and say kids get off my lawn or try to change this. For those of you not familiar with the term fuzz, fear uncertainty and doubt this is actually originally developed as a scare tactic by IBM sales people in the seventies. They wanted to prevent competitors from selling technology to the customers. They told them there's no telling what's going to happen if you buy that stuff, but today, FUD is being used to funnel billion of dollars into government agencies and military work and hacking  ‑ ‑   ‑ ‑ offensive and defensive technology that's simply not going to help the everyday people. So the public is kept in constant fear  ‑ ‑   ‑ ‑ pixlated apocalypse that's right around the corner. Have you heard of digital pearl harbor, that kind of stuff. That kind of stuff keeps it vague and scary and in the hands of government and militants. Where actually, where I believe most of the problems are, are in the civilian cyber space. Regular people and regular companies. Not the mill TARZed weapon stuff. How can we stop the spread of FUD. You can fight FUD with facts. You can seek the truth out for yourself. And when somebody use AS vague term like millions of cyber attacks are being stopped each day, ask them millions of what? Millions of packets? Millions of port scans? Millions of infected devices communicating with the CMC server? Be concrete with the terms. You know in biology, we can hear about the ten million microbes living in this bottle if people don't get sick all the time. You're going to be using concrete terms that have relevance to our industry, to our field. And it's easy to go out to those high numbers A. Billion cyber attacks on counting microbes. Once they seek out that information for ourselves, and I think that is something this industry, you know this community is very good at doing because you know, raise your hands if you're allergic to  ‑ ‑ That is I believe a defining characteristic of our community. It's good, it's good to have that. But it's also important not just to be allergic to bullshit to have that knee jerk reaction, but also speak down OT information that's really happening. And once you know what's up, communicate that out bounds. Communicate it outside of our community. There is a gap between us. A gap between the hacker world and the rest of them. And we have to be mindful of that gap and keep preaching out and telling people what it's like so they're not this warted by the fog of FUD. The problem of FUD flows both ways. Certain government, agency, certain decision makers, if you pardon my French, they eat where they shit. That means, they're also feeding the public with the same FUD they're being fed. Those are a lot of Fs. I need a drink. So they're being fed with the same FUD they are spreading. You know how they say there is no patch for human stability? That is not accurate. Because if we expect the decision making people and the decision making algorithm are not going to change, we can still influence the (indiscernible). We can still make sure that the information that the decision makers are getting and the way that they are keeping these issues that will matter to everybody are concrete, honest, not laced with if you had and bullshit and high PESH la. So many meetings with congress people et cetera. You can do the same thing in your own communities and countries. To wrap things up, I think the internet needs you not to grow cool facial hair, but rather to save it for the future. And there are five things that we can all start doing right now. And you know what's the cool thing about it? We don't need to ask for permission. We are hackers, we can do whatever we like. We don't need a key, we'll break in right? So to summarize, we can be researching the technology that affect human life and safety. We could be researching stuff that matters. We have to, you know, disclose more bugs, find more vulnerabilities and get more information out there one way or another. We can collaborate and share within our industry community but also outside of it. And we can empower the masses so that they don't have to  ‑ ‑ are going to have red mohawks. And of course, stop the spread of FUD, which is something everyone can do just like  ‑ ‑ to help the spread of microbes. Now let's reflect on everything I've told you. I claim TA GFTs will |fame to a certain extent to claim cyber space and (indiscernible) space for the rest of us. We can argue about how big the failure will be, how (inaudible) the extent of it. We can argue about what are we going to do about it. But one thing I don't think we can argue about is can we afford not to do anything right now? And so yeah, we can use our powers to read people's e‑ mails. That's fine. We can also use our power to be this guy to save the world. Or maybe more like this guy, if you're a cyber fan like myself. You could call me in a sense, naive, adorable, as some people have been known to do. You can say that I am a romantic hacker that expects things that are not reasonable. I grew up with my little ponies, but also with hackers and gadgets and (indiscernible)s. And I'm excited to see the science technology I imagineed a reality. I think in that reality, hacking is magic. And it can save the world. Thank you. That's overwhelming. Thank you guys. You're too fine. Guys and girls I might add. This year, I've seen more ladies at DEF CON than ever. (Applause.) Yeah, keep coming here ladies. And so let me know what do you choose to do. Red pill or blue pill, part of the problem or part of the solution? And you can easily find me on twitter or the interweb and you can also send me multicolored (indiscernible)s if you think that I'm romantic. But I hope you join this and become part of the solution. Thank you guys. (Applause.) I think we may have a minute or a couple for questions. All of the hand waving and signalling. That might have something to do with the WIS key. I see a guy over there. >> So I don't think you're naive. What areas are you personally dressing with (indiscernible) process of what it is that you would want to see or have done. Specifically what's happening right now over in your own country. >> Okay. So actually specifically with what's happening right now in my country. That's a good question. I have a story to reply with that. I can clean it up. Anyone know what that is? IE row dome. The missile defense system that's been intercepting rockets that have been fired  ‑ ‑   ‑ ‑ don't worry this is not political. A few weeks ago brine KREBs broke a story about how some of the defense companies developing iron dome has been breeched by Chinese hackers. The story made the rounds on BBC. Business insider, guardian, a bunch of others. And the headline started to volt. And by the time they got into Israel media, the headlines read iron dome needs a cyber iron dome. As I was getting ready to come out here to DEF CON, I within the to see my hairdresser. Obviously an important person in my life right? And he was like I know you're in the cyber security stuff. What's going on? Are the Chinese hackers now controlling the rockets over our heads? And what I do when I'm faced with that sort of fear, uncertainty, and doubt, I go back to the media and the people I'm in touch with with people in the university and other people in Israel, and say listen, let's get the facts right. What actually happened is that several companies that have something to do with the development of iron dome did experience a breech. And those companies responded that the breech happened three years ago and it has some classified documents lekked out the to potentially Chinese hackers associated with a specific threat, 61389, that it wasn't anything about iron dome, specifically in it. And it was not mean that some guy siting in shanghai can now control the rockets here in tell VOOEF. So to answer your question sir S to talk to the people like that. I go to the media. I talk to the public  ‑ ‑ and I try to get the facts for myself so that I can communicate them outside. Yes? A question right here? I am not familiar with you guys. So if you have a question, wave perfusely. You guys and then one guy over the back. >> How do we get more women in security? >> That is a fantastic question. I actually, one of the panels I submitted, but it was rejected. Never mind, I got over it. Not (inaudible) all no. I think one way is by creating accessible role models. For me it was Angelina Jolie. For other people it might be different women. And I think it's critical we get more speakers and (indiscernible) and talk not just about technical stuff, but also about our specific career paths. I speak to girls who are learning computer science back in Israel all the time. I tell them how I got start. What's the security industry like. Is it true that there are only boys at DEF CON. No I tell them it's not true. And every year I've been coming, I've seen more women. I tell them that. And I think it's a good question too because we are going to need, you know, that 50  percent of the potential work force. So my response would be accessible role models and getting more of that out. There's another side to that, and that's something you guys can do. You know our black hats, white hats, don't be a douche hat. (Laughing) thank you. There was a guy over there in the back. Yell. Okay, so the question was in academia a lot of the (indiscernible) is focused on the military side of thingings. And not enough on the civilian side and the civilian role and security matters to civilian societies and how can we counterthat? So one thing that I am a big believer in is having always that one leg in academia. My research fellow with tell -inaudible- university. And I constantly talk about this stuff. We talk about things like anonymous and private individuals who are making a difference in the security industry. We talk about the role of. I don't know here in the United States, it might be different, but in IZ really, the tell code (indiscernible) the civilian companies are not doing inform. They keep saying that. Every place I get in university, and outside of university. I also kind of am using the university as almost like back door in a way. Don't tell them right. But I'm using that to influence public opinion. Because university (indiscernible)s where the prime minister comes down. It's a prime minister. And I try to make sure at those events, the content and questions about not just military and strategic cyber war and stuff, but also practical cyber war security issues and everybody raised. All right guys I think that's all the time. >> One more question please. It's over here. Do you think it's time for us to take back the word hacker. It's not cyber criminal, it's not attacker, and when somebody says a hacker did this and hacker did that we need to say no that's a criminal. That's a nation state hacker. And something specific, than say hacker which is lazy. >> Personally I have to say, I've been proud to use the term hacker. I've been proud to say I'm part of the hacker community. I never thought it was a negative thing. I always thought it was a badge of honor. Honestly, I think the term hacker implies capability. It implied intuition and curiosity. And then what it call comes down to is the actual individual choices the hacker makes. Whether they choose to become a cyber warier defending their nation, whether they become a cyber criminal, a hack VIS. Those are career paths. Personally, I think it's important to use the term hacker in every opportunity I get. My first line| my I first sentence is a security researcher did that. Otherwise known as a heark. I put them together to make it clear that this is the sort of thing that's being done by hackers and it's a good thing. Each of us has to make their own decisions about how they are proud or how they want to represent themselves. But by being good hackers in a way, I know it sounds like care bare stuff, but I like the care bares. They're cool. But by being a good hacker, we can redeem that image and we can say, yeah, hackers did that. And that's really cool. Hackers brought back internet connectivity to Egyptian residents in the  ‑ ‑ also helped Syrians and they are also exposing problems in medical devices that are life threatening. So thank god we have hackers. That's what I believe in. Thank you. Thanks a lot guys. (Applause.) Thank you it is incredibly rewarding and humbling and overwhelming to be able to advance you guy SCOMBS girls here. So rock on. Hack the planet. (Applause.) More whiskey, the lady in purple, I owe you a drink. So for anybody that has questions, she's going to be moving to the chill out cafe. Feel free to follow her over there. Enjoy. >> Chill out cafe, questions. Chill out cafe. Thank you guys.