1
00:00:02,730 --> 00:00:05,380
And so we're ready to go.

2
00:00:05,500 --> 00:00:09,020
So I'd like to welcome to the stage our first speaker today.

3
00:00:09,100 --> 00:00:13,300
This is Cyber Queen Meg, otherwise known as Megan Howe.

4
00:00:16,000 --> 00:00:19,420
Megan is a passionate, rising cybersecurity...

5
00:00:19,420 --> 00:00:21,220
Oh, I forgot, sorry.

6
00:00:21,300 --> 00:00:30,380
She's going to be speaking on Building the Cybersecurity Workforce Pipeline, How to Recruit and Educate the Next Generation of Cyber Warriors.

7
00:00:30,380 --> 00:00:37,400
Megan Howe is a passionate, rising security professional who's interested in programming, cybersecurity, and web development.

8
00:00:37,400 --> 00:00:44,720
Megan is attending Grand Canyon University in Phoenix, Arizona, to earn a Bachelor's of Science in cybersecurity.

9
00:00:45,120 --> 00:00:57,960
Megan is currently a threat analysis intern for the Arizona Cyber Threat Response Alliance, as well as a customer success intern at a cybersecurity startup called Trusona.

10
00:00:57,960 --> 00:01:00,620
Megan works as a freelance bug bounty hunter.

11
00:01:00,620 --> 00:01:02,540
Wow, that's kind of interesting.

12
00:01:02,540 --> 00:01:06,640
And is particularly focused on hunting for web security vulnerabilities.

13
00:01:06,800 --> 00:01:11,320
Megan also contributes to open source projects, GitHub.

14
00:01:11,700 --> 00:01:20,200
Previously, Megan has worked as a cybersecurity intern for the Paradise Valley Unified School District and for the Arizona State University.

15
00:01:20,200 --> 00:01:23,740
And I might add that she is an excellent violinist.

16
00:01:23,900 --> 00:01:34,360
Megan is a nationally recognized cybersecurity scholar and has earned industry recognition and certifications through GEAC, ETA, TestOut, and Microsoft.

17
00:01:34,360 --> 00:01:48,920
Megan is a 2021 National Cybersecurity Scholar, 2021 NCWIT, or National Honorable Mention, and two-time state champion in the SkillsUSA's cybersecurity competition.

18
00:01:48,920 --> 00:01:58,140
As a female student in cybersecurity, Megan also shares her perspective on cybersecurity and women in technology with audiences worldwide.

19
00:01:58,300 --> 00:02:01,240
So welcome, Megan, to the stage.

20
00:02:01,240 --> 00:02:02,380
Take it away, Megan.

21
00:02:06,250 --> 00:02:08,470
All right, I gotta figure out how to grab this thing.

22
00:02:08,470 --> 00:02:09,350
There we go.

23
00:02:09,830 --> 00:02:14,150
Thanks for the warm welcome, X-Ray, and thank you all for having me today.

24
00:02:14,210 --> 00:02:24,710
So as X-Ray mentioned, I'm gonna be speaking on building the cybersecurity workforce pipeline to recruit and educate the next generation of warriors.

25
00:02:24,710 --> 00:02:26,110
Next slide, please.

26
00:02:29,290 --> 00:02:31,170
So who am I?

27
00:02:31,170 --> 00:02:32,810
A photo's worth a thousand words.

28
00:02:32,810 --> 00:02:36,510
I've got different pictures up here to kind of illustrate who I am.

29
00:02:36,650 --> 00:02:50,910
I'm a dog lover, a recent high school graduate, a violinist, a public speaker, cybersecurity enthusiast, a conference attender, but most importantly, just a normal teenager who does normal teenager things.

30
00:02:50,910 --> 00:02:53,570
I don't just do cybersecurity all the time.

31
00:02:53,570 --> 00:02:59,530
I also like to have fun with friends and family and hang out with my dogs that you can see pictured.

32
00:02:59,950 --> 00:03:01,590
So next slide, please.

33
00:03:03,490 --> 00:03:08,190
So in the cybersecurity industry, we have a problem.

34
00:03:08,190 --> 00:03:24,510
There's too much demand for incoming cybersecurity professionals and not enough skilled or interested people that even want to go into cybersecurity, partially because a lot of people don't even know that the field exists, especially children.

35
00:03:24,510 --> 00:03:38,730
And this leads to also our education problem is that very few K through 12 schools teach practical cybersecurity content, and most colleges don't have a cybersecurity degree program or a minor.

36
00:03:38,730 --> 00:03:51,890
And even if they do, most of the time it's based on, yeah, the technical, not the technical, the business side of cybersecurity, not the technical side.

37
00:03:51,890 --> 00:03:53,450
Next slide, please.

38
00:03:54,510 --> 00:04:01,610
And so before I go on to my next slide, I have a little disclaimer is that I don't know everything.

39
00:04:01,610 --> 00:04:05,370
I just am a recent high school graduate.

40
00:04:05,370 --> 00:04:09,930
I don't have years of work experience like many of you have.

41
00:04:09,930 --> 00:04:14,130
And this is the end all, end all for cybersecurity.

42
00:04:14,130 --> 00:04:27,050
It's a potential framework for solving the workforce gap and getting more youth interested in cybersecurity that I hope that some of you can find parts of this useful.

43
00:04:27,050 --> 00:04:31,610
And I'm gonna be going over this framework here today in my presentation.

44
00:04:31,610 --> 00:04:35,190
So at the center of everything is community.

45
00:04:35,190 --> 00:04:49,170
Nine C's of cyber has to start with community, and then we build to concrete experience, clubs, coursework, competition, certifications, conferences, rear shadowing, and college.

46
00:04:49,170 --> 00:05:03,730
So each of these points has different things that we as cybersecurity practitioners or as business owners or as concerned community members can do to help boost the cybersecurity workforce and boost interest in the field.

47
00:05:03,730 --> 00:05:05,230
Next slide, please.

48
00:05:07,290 --> 00:05:09,370
Community, next slide.

49
00:05:11,210 --> 00:05:25,230
So before anyone is going to be interested in learning cybersecurity, but especially young people, we have to create environments that are welcoming, safe, fun, exciting, and supportive.

50
00:05:25,230 --> 00:05:42,350
People have to feel safe enough in these environments to learn, grow, try new things, not necessarily good at those new things, fall down, get back up again, and have the support to pursue their passions, whether it's cybersecurity or not.

51
00:05:42,350 --> 00:05:49,610
But in order to find passion, we have to have safe spaces for people to be able to explore those passions.

52
00:05:49,610 --> 00:05:51,130
Next slide, please.

53
00:05:53,290 --> 00:06:13,610
Mentoring is another key component of getting youth interested into cybersecurity and getting them integrated into a community because mentoring youth allows them to learn from you and learn about the workforce and what your job is and all the cool things to do in your job.

54
00:06:13,610 --> 00:06:15,870
You're also a resource for them.

55
00:06:15,870 --> 00:06:27,410
You can connect them to your network or possibly provide them with an internship at your company or help them with a resume or a cover letter or a job interview.

56
00:06:27,690 --> 00:06:47,070
But you, us adults, will also be learning from the people that we mentor because they can teach us so much about how to support the next generation and how that all works together and how we can best support them and other people like them.

57
00:06:47,070 --> 00:06:50,850
And so mentoring is definitely a two-way street.

58
00:06:51,030 --> 00:06:52,190
Next slide.

59
00:06:54,130 --> 00:07:12,790
Community gatherings, just like this one, are also important because when youth are permitted and encouraged to attend meetups, capture-the-flags, and conferences, they can meet people, do all sorts of cool activities like logging or a capture-the-flag competition where they learn about hacking,

60
00:07:12,790 --> 00:07:15,470
and meet people, get some cool swag.

61
00:07:15,470 --> 00:07:17,330
We all love swag.

62
00:07:17,450 --> 00:07:28,630
And form connections and bonds and spark their interest in cybersecurity, get them really engaged and wanting more.

63
00:07:28,630 --> 00:07:30,230
Next slide, please.

64
00:07:31,870 --> 00:07:33,090
Clubs.

65
00:07:33,090 --> 00:07:34,470
Next slide.

66
00:07:35,970 --> 00:07:42,830
So after-school extracurriculars are a really good first step to introduce youth to cybersecurity.

67
00:07:42,830 --> 00:07:52,410
And I'm kind of gonna go through a logical progression of first steps to more advanced steps throughout this presentation, which is why I have it ordered the way I do.

68
00:07:52,570 --> 00:08:01,170
So the first way I was introduced to computer science first and then cybersecurity through after-school extracurriculars.

69
00:08:01,170 --> 00:08:11,550
I was a member of Girls Who Code in middle school, seventh or eighth grade, about the beginning of my teenage years for those of you not in the US.

70
00:08:12,130 --> 00:08:17,870
And I learned how to code for the first time in a safe and supportive environment.

71
00:08:18,650 --> 00:08:21,390
But clubs can be more than just coding.

72
00:08:21,390 --> 00:08:38,190
There's a person in, I believe, Minnesota who has a Linux club, and he teaches middle schoolers how to use Linux and then do all sorts of open-source community projects and even distribute computers to kids in their classrooms that need them.

73
00:08:38,190 --> 00:08:39,390
It's really cool.

74
00:08:39,390 --> 00:08:41,530
Coding clubs are also cool.

75
00:08:41,750 --> 00:08:46,690
Hacking clubs could be super fun for high schoolers, but not just school.

76
00:08:46,790 --> 00:08:48,850
We need to have more than just school.

77
00:08:48,850 --> 00:08:51,290
We also need to have community programs.

78
00:08:51,290 --> 00:09:16,510
So it's crucial that we have our girls and boys clubs, our big brothers and sisters, all of these community programs that exist all around the world, including and increasing the group of cyber security skills, offering a workshop, or when Boy Scouts and Girl Scouts offer cyber security badges that are pictured on this slide right here.

79
00:09:17,630 --> 00:09:30,270
And when libraries and community centers and all sorts of places in the community put together these programs for kids, they might get exposed to it.

80
00:09:30,270 --> 00:09:32,050
And before they might have not.

81
00:09:32,050 --> 00:09:33,450
And same with adults.

82
00:09:33,450 --> 00:09:49,670
And if we have people that are willing to support and sponsor these types of programs, those, not just older kids, but kids of all ages to the fun of security, I believe that we can start getting people interested in cyber security.

83
00:09:49,670 --> 00:09:55,110
Because honestly, half of the problem is people just don't understand cyber security.

84
00:09:56,590 --> 00:10:00,230
So we have to first by fixing that.

85
00:10:00,230 --> 00:10:01,750
Next slide, please.

86
00:10:03,650 --> 00:10:06,070
Volunteering is also super important.

87
00:10:06,070 --> 00:10:18,190
It allows youth and adults to give back to the community, but also allows us to reach youth that maybe we wouldn't reach through an after school club or a community program.

88
00:10:18,290 --> 00:10:33,990
So I think a really good step for this would be setting up programs to provide cyber security services for small businesses, charities, or houses of worship, like your local church or temple, or whatever house of worship you attend.

89
00:10:33,990 --> 00:10:46,290
Because then you can pull in youth and other people to help run these services and get that benefit as a small business charity or house of worship.

90
00:10:46,310 --> 00:10:55,550
But also maybe get some people interested in cyber security that may not have been exposed to it if it weren't for these programs.

91
00:10:55,550 --> 00:11:00,630
And another cool program that's run is a program called TechCampers.

92
00:11:00,630 --> 00:11:04,490
It's run by the Air Force Association's Cyber Patriot.

93
00:11:04,730 --> 00:11:11,750
And it's all about educating older people, people new to technology on digital safety.

94
00:11:11,750 --> 00:11:15,310
So they have a free certification that people can take.

95
00:11:15,310 --> 00:11:19,130
It's aimed towards youth, but adults can become certified in this too.

96
00:11:19,130 --> 00:11:29,910
And it's all about helping to educate older people who aren't as familiar with technology on how to be in a way that they can understand.

97
00:11:30,210 --> 00:11:35,390
So that could also help recruit some more youth into cyber security.

98
00:11:35,390 --> 00:11:43,470
Say if a school were to set this up as a community service project and kids would be like, hey, this is kind of neat.

99
00:11:43,470 --> 00:11:47,170
These are all the kind of different things that go along and this is how people fall for it.

100
00:11:47,170 --> 00:11:49,810
I wanna be able to help stop that.

101
00:11:49,970 --> 00:11:53,050
So that's another really neat program that exists.

102
00:11:53,050 --> 00:11:54,370
Next slide, please.

103
00:11:56,930 --> 00:11:59,290
Competitions, next slide.

104
00:12:00,790 --> 00:12:12,230
So Capture the Flags, I'm sure everyone on this call, at least in the VR space has probably played many of Capture the Flag at DEF CON over the years.

105
00:12:12,410 --> 00:12:23,610
But for those unfamiliar, they're hacking competitions where you get points and rewards for finding virtual flags or solutions to a problem you're tasked to solve.

106
00:12:23,610 --> 00:12:42,010
And these competitions can help teach anyone about cryptography, web hacking, networking, how Linux works, how Windows works, how you hack a mobile application, how you hack artificial intelligence, all sorts of neat computer stuff.

107
00:12:42,010 --> 00:13:01,090
And by integrating these competitions into classrooms or community events or clubs, you can get youth interested in cybersecurity by giving them a creative and competitive outlet to explore in.

108
00:13:01,090 --> 00:13:12,310
It gives them this amazing opportunity to just try to solve a problem and get a bunch of points and rewards.

109
00:13:13,830 --> 00:13:17,170
That's also a really great motivation for youth.

110
00:13:18,590 --> 00:13:27,270
But yeah, Capture the Flags are really great for getting young people in because of the competitive nature of the activity.

111
00:13:27,270 --> 00:13:28,730
Next slide, please.

112
00:13:31,030 --> 00:13:37,450
Cyberstart America is a specific Capture the Flag that I've participated in.

113
00:13:37,450 --> 00:13:48,110
It starts out with this gamified experience where you can learn all about all sorts of different cybersecurity missions, if you say.

114
00:13:48,110 --> 00:13:49,510
You can learn about networking.

115
00:13:49,510 --> 00:13:51,550
You can learn how to use Linux.

116
00:13:51,550 --> 00:13:58,030
You can learn how to exploit an SQL vulnerability in a database.

117
00:13:58,030 --> 00:14:00,590
It covers almost everything.

118
00:14:00,590 --> 00:14:08,190
And then the highest score in this game that's about six months, get invited to this 48-hour competition.

119
00:14:08,190 --> 00:14:11,610
It's a Capture the Flag, runs for 48 hours straight.

120
00:14:11,610 --> 00:14:20,570
And it covers web exploitation, binary exploitation, forensics, networking, and a bunch of other different challenges.

121
00:14:20,570 --> 00:14:29,490
And I did this in spring of 2021 and placed among the highest in the Capture the Flag.

122
00:14:29,490 --> 00:14:35,390
And I won a BIAC certification attempt and a college scholarship through it.

123
00:14:35,390 --> 00:14:45,370
So I earned my GFAST, GIAC Foundational Cybersecurity Technologies certification through this completely free program.

124
00:14:45,370 --> 00:14:58,390
And so it was a really great opportunity to learn not just about cybersecurity, but also the fundamentals that you need to know to be good at cybersecurity, such as networking or Linux or programming.

125
00:14:58,390 --> 00:14:59,810
Slide, please.

126
00:15:03,390 --> 00:15:13,990
CyberPatriot, I briefly mentioned earlier, knowing I was going to come to this slide here, but it's the nation's largest youth cyber defense competition.

127
00:15:14,030 --> 00:15:18,890
So it's not about hacking, it's about how do I secure endpoints?

128
00:15:18,890 --> 00:15:24,330
So Windows machines, Ubuntu machines, and Windows servers.

129
00:15:24,330 --> 00:15:26,010
So it's a team competition.

130
00:15:26,010 --> 00:15:46,070
You work in teams of five and focus on fixing security vulnerabilities on virtual machines in Windows desktop, Windows server, and Ubuntu, but also creating secure networks in Packet Tracer, which is a Cisco program that allows you to model how networks run,

131
00:15:46,070 --> 00:15:49,330
and also taking a networking challenge.

132
00:15:49,330 --> 00:16:07,790
And so there is a special branch for high schoolers in the ROTC program, but I competed as part of another program that I was in, which I will get to later as just a civilian competitor.

133
00:16:07,810 --> 00:16:11,230
And there's a high school program and a middle school program.

134
00:16:11,230 --> 00:16:16,890
You can do these in person or virtually, and there's no skill requirements to join.

135
00:16:16,890 --> 00:16:29,370
And students learn so much through these programs from their coaches and mentors who are both just adults who are interested in cybersecurity and want to help kids learn.

136
00:16:29,370 --> 00:16:35,850
So my teams and I placed gold two years in a row, 2019 and 2020.

137
00:16:35,850 --> 00:16:39,210
It's a really fun experience.

138
00:16:39,270 --> 00:16:45,490
It's long Saturdays of six hours straight of competition, but it's so fun.

139
00:16:45,490 --> 00:16:47,630
I learned so much through it.

140
00:16:47,630 --> 00:16:50,390
I got my first exposure to Linux through it.

141
00:16:50,390 --> 00:16:54,130
It was really, really an amazing program.

142
00:16:54,130 --> 00:16:55,930
Next slide, please.

143
00:16:58,330 --> 00:17:02,550
So SkillsUSA isn't just a cybersecurity organization.

144
00:17:02,550 --> 00:17:20,190
It's what they call a career technical student organization where students taking what they call career and technical education classes, or basically classes teach you things that you can use in the workforce, like woodworking or programming or cybersecurity.

145
00:17:20,190 --> 00:17:47,210
And so they have a competition for cybersecurity students, and it's a two day, eight hours per day, at least nationally competition where there's 10 steps and you have to secure networks, secure firewalls, you have to secure Windows computers, you have to perform a penetration test on a network,

146
00:17:47,210 --> 00:17:58,310
you have to do some digital forensics, and you just have to really exhibit that you know all sorts of things about networking and cybersecurity through this competition.

147
00:17:58,310 --> 00:18:01,390
And so I've competed in it for two years.

148
00:18:01,390 --> 00:18:10,370
It's a partner competition and have done well both years and have learned so much from it both years.

149
00:18:10,370 --> 00:18:15,710
But the other thing about SkillsUSA, which is a program you have to run through a school.

150
00:18:15,710 --> 00:18:22,830
It's a program that a teacher would start, but you learn about workplace soft skills.

151
00:18:22,830 --> 00:18:24,890
So how do you be professional?

152
00:18:24,930 --> 00:18:30,210
How do you apply for a job or write a resume or do an interview?

153
00:18:30,210 --> 00:18:38,870
So it integrates all of these other skills in along with allowing you to get experience in the cybersecurity realm.

154
00:18:38,870 --> 00:18:40,410
Next slide, please.

155
00:18:42,840 --> 00:18:57,600
So Trace Labs, those of you in person at Def Con or just following all of the Twitter buzz about Def Con have probably seen some stuff about Trace Labs in the past week because they're having their quarterly Capture the Flag competition today.

156
00:18:57,800 --> 00:19:12,240
And it's an open source competition where competitors and judges kind of team up to help find open source intelligence about the whereabouts on missing persons.

157
00:19:12,360 --> 00:19:17,440
And so competitors, whether individually or in teams, work together.

158
00:19:17,620 --> 00:19:24,360
They have a list of about four to six missing people and a little bit of starter information.

159
00:19:24,360 --> 00:19:35,620
And they're given four to six hours to go find as much information about their whereabouts, their contact information, who they're associated with and where they may be located.

160
00:19:35,980 --> 00:19:48,220
Then the judges screen these results and flag the ones that could be helpful for law enforcement to submit as tips to help find these people and reunite them with their families.

161
00:19:48,220 --> 00:19:52,020
So I have judged two times now for Trace Labs.

162
00:19:52,020 --> 00:19:58,480
I won't be judging today as I'm speaking with you all because it's next.

163
00:20:02,640 --> 00:20:09,080
And judges and contestants have the opportunity to go through open source intelligence training.

164
00:20:09,080 --> 00:20:15,760
And it's a really great hands-on way to learn about this specific niche of cybersecurity.

165
00:20:15,880 --> 00:20:25,380
So I highly recommend getting involved with Trace Labs even if you aren't a student as it does amazing things for the community.

166
00:20:25,380 --> 00:20:27,020
Next slide, please.

167
00:20:28,940 --> 00:20:30,140
Coursework.

168
00:20:30,140 --> 00:20:31,920
Next slide.

169
00:20:32,440 --> 00:20:33,500
Thank you.

170
00:20:33,500 --> 00:20:43,840
So one thing I found is that in high school, not many high schools have cybersecurity specific coursework.

171
00:20:43,840 --> 00:20:53,060
So I was lucky enough in that I got to go to a high school with a computer science program, but I never had to take a cybersecurity course.

172
00:20:53,060 --> 00:20:56,100
It wasn't even an option for me to take.

173
00:20:56,320 --> 00:21:16,180
And my instructors did an amazing job of integrating cybersecurity into the curriculum, but I think it would be insanely helpful to integrate cybersecurity and the technical aspects of cybersecurity, not just digital citizenship, into our high school.

174
00:21:16,180 --> 00:21:21,400
So a program I used a lot for other computer classes is called Tucked Out.

175
00:21:21,400 --> 00:21:27,280
It's a certification company that has online virtual labs.

176
00:21:27,280 --> 00:21:31,580
And I have taken and passed three of their certifications.

177
00:21:31,580 --> 00:21:38,280
They have one called PC Pro, which is all about building PCs and Windows operating systems.

178
00:21:38,280 --> 00:21:41,560
It basically prepares you for the CompTIA A-plus exam.

179
00:21:41,560 --> 00:21:46,380
I've taken their Network Pro, which is all about computer networking.

180
00:21:46,380 --> 00:21:49,120
It prepares you for CompTIA's Network Plus.

181
00:21:49,180 --> 00:21:57,220
And I've taken their Routing and Switching Pro, which prepares you for the CTNA certification by Cisco.

182
00:21:57,220 --> 00:22:04,820
And so they provide, it's an online sandbox for students to learn, and they offer several cybersecurity courses.

183
00:22:04,820 --> 00:22:18,420
And so I think integrating this into a high school elective class would be a safe way for the school district, also a super beneficial way for youth interested in computers to learn about cybersecurity.

184
00:22:19,220 --> 00:22:24,420
It's really great that I'll talk about more in depth later is called TriHackMe.

185
00:22:24,420 --> 00:22:48,300
It's an online sandbox that allows you to essentially just do these challenges that teach you not just about hacking, but defensive security, physics, how to set up firewalls, and yes, web hacking, and mobile hacking, and more of the technical hands-on aspects of cybersecurity.

186
00:22:48,540 --> 00:22:55,200
And another really great way to integrate this is through a secured and isolated lab environment that students have control of.

187
00:22:55,200 --> 00:23:08,760
They get to decide what goes in it, they get to decide how it's set up, and they get to implement skills from a networking course, or a program course, or PC course on how to best set this up.

188
00:23:08,760 --> 00:23:17,360
And they also get to integrate skills on how best to secure that network and try to bypass those defenses.

189
00:23:18,020 --> 00:23:19,640
Next slide, please.

190
00:23:22,200 --> 00:23:29,520
Outside courses are also really great for people already kind of itching with the cybersecurity bug.

191
00:23:29,660 --> 00:23:38,460
I don't know any teenagers that are gonna be like, I wanna go take a random course on cybersecurity, I've never heard of it.

192
00:23:38,460 --> 00:23:44,760
There has to be some sort of fun, cool exposure to it before you get to this point.

193
00:23:44,760 --> 00:23:53,380
But once youth are interested in something, what I found is they'll do a lot to explore that.

194
00:23:53,380 --> 00:24:08,960
And so there's several resources where you can take outside courses, and this is not an all-inclusive list by any means, but edX and Coursera have a lot of really general cybersecurity courses, which is good for someone kind of just starting out and like,

195
00:24:08,960 --> 00:24:11,760
hey, I wanna see if this is something I'm even interested in.

196
00:24:11,760 --> 00:24:14,540
Do I wanna take a class at my high school on this?

197
00:24:14,540 --> 00:24:19,160
I don't know if I wanna commit to that elective block yet, I just wanna see.

198
00:24:19,300 --> 00:24:24,040
And TCM Security and Udemy have more specialized courses on.

199
00:24:24,040 --> 00:24:26,560
Okay, this is how you run a penetration test.

200
00:24:26,560 --> 00:24:30,280
This is how you code malicious scripts in Python.

201
00:24:30,300 --> 00:24:39,820
All sorts of niche skills that professionals and students alike are trying to learn through these platforms.

202
00:24:40,020 --> 00:24:41,660
Next slide, please.

203
00:24:42,860 --> 00:24:44,640
Concrete experience.

204
00:24:44,640 --> 00:24:45,960
Next slide.

205
00:24:46,240 --> 00:24:47,420
Thanks.

206
00:24:47,420 --> 00:24:51,960
Oh, I promised I'd talk about TryHackMe, and the time has come for that.

207
00:24:52,060 --> 00:24:58,440
So TryHackMe is unique in that it is a freemium program.

208
00:24:58,440 --> 00:25:08,200
It has a free tier that really has a lot of features, but also a paid tier that allows you to access modules that are available in the free tier.

209
00:25:08,200 --> 00:25:12,400
And that tier, I believe, is only like $10 or $15 a month.

210
00:25:12,400 --> 00:25:19,180
So it doesn't require a lot of financial commitment, and you can also gift this to people.

211
00:25:19,180 --> 00:25:24,940
And it's a really great way for people who don't know how to hack to learn how to hack.

212
00:25:24,940 --> 00:25:35,060
They have Kali Linux and parent security boxes up in the cloud that you can use to hack stuff on their website.

213
00:25:35,060 --> 00:25:36,300
It's all set up.

214
00:25:36,300 --> 00:25:40,620
There's a whole virtual private network connected into it.

215
00:25:40,620 --> 00:25:42,340
It's a really neat program.

216
00:25:42,340 --> 00:26:06,350
And then there are tackle box, which is for, once you have some of those basic hacking skills and you want to practice taking over a machine and using techniques that you've already learned, it's basically vulnerable machines that you have to try different techniques to own or take over the machine and hack it to make it yours.

217
00:26:06,410 --> 00:26:16,610
And so these programs are really great for helping youth and adults alike get the hands-on experience that they need to be successful in cybersecurity.

218
00:26:17,130 --> 00:26:18,650
Next slide, please.

219
00:26:19,950 --> 00:26:21,450
Thank you.

220
00:26:21,450 --> 00:26:26,630
Secure hacking environments are also really neat.

221
00:26:26,690 --> 00:26:41,690
There are many cyber ranges here in the United States where they have several machines kind of like hack the box, but you can kind of just do whatever you want on them because they're isolated.

222
00:26:41,710 --> 00:26:50,370
And you can try a bunch of different techniques and try to, hey, I tried this, but I want to see if this will also work.

223
00:26:50,390 --> 00:27:04,550
And there's also, I believe, some isolated online servers, kind of like there's the vulnerable web application that you can download locally.

224
00:27:04,550 --> 00:27:12,850
And there's one by Google, it's cheese themed, where it's intentionally vulnerable.

225
00:27:12,910 --> 00:27:20,410
And your goal is to try to hack it and just play around and find all these cool vulnerabilities.

226
00:27:20,410 --> 00:27:21,830
Next slide, please.

227
00:27:23,890 --> 00:27:27,570
Homelabs are definitely for more advanced users.

228
00:27:27,570 --> 00:27:30,070
I am still in the process of setting up mine.

229
00:27:30,070 --> 00:27:55,430
It's a long process, but once you get it set up, I believe it's totally worth it because it's about creating a model production environment where you can hack your own stuff, practice setting up firewalls and practice bypassing that firewall or have a bug machine and set up a web server that you can try to hack stuff through.

230
00:27:55,430 --> 00:28:11,150
And you're not just learning about hacking here, you're learning about vulnerabilities, Windows, Linux, virtualization, blue teaming or defense mechanisms, red teaming or attack mechanisms, networking, you know, how do all these corporate networks work?

231
00:28:11,150 --> 00:28:13,190
How do you set up Linux?

232
00:28:13,190 --> 00:28:17,110
What makes Debian different from Fedora Linux?

233
00:28:17,110 --> 00:28:19,870
It's the way you install applications.

234
00:28:19,870 --> 00:28:27,410
Really, if you want to learn about something with computers, a homelab is a really amazing way to do that.

235
00:28:27,410 --> 00:28:44,250
It just requires a lot of time on Google and a lot of experience, but it's something that I think we need to promote more to people interested in cybersecurity because it's really easy to set up in just some virtual machines.

236
00:28:44,250 --> 00:28:49,110
It can be as big or as small as your computer can manage.

237
00:28:49,130 --> 00:28:50,330
Next slide, please.

238
00:28:52,630 --> 00:28:54,030
So bug bounties.

239
00:28:54,030 --> 00:28:58,050
I mentioned that I am a freelance bug bounty hunter.

240
00:28:58,130 --> 00:29:04,230
What I forgot to put in that bio is I'm also a freelance AI bias bounty hunter.

241
00:29:04,370 --> 00:29:16,730
There was a program that Twitter did last summer where they had their AI cropping algorithm and researchers tried to find biases in that program.

242
00:29:16,730 --> 00:29:26,150
And so that was a program on something called HackerOne, which is a really nice program for beginners because they have so many things you can hack.

243
00:29:26,150 --> 00:29:31,270
And also you can get invited to private programs really easily.

244
00:29:31,270 --> 00:29:33,370
Bug Crowd is also nice.

245
00:29:33,370 --> 00:29:35,650
Any of these programs are on the screen.

246
00:29:35,650 --> 00:29:52,630
Hunter.dev is for open source vulnerabilities, but basically bug bountying, there's the incentive of getting paid for finding a bug in a company, legally hacking them, and then getting money for it and learning all about cybersecurity in the process.

247
00:29:52,630 --> 00:29:56,090
And it's just an amazing process.

248
00:29:56,090 --> 00:30:22,950
It's very, very frustrating at times, but once you get the hang of, and I had to get the hang of, hacking an actual production environment, it's a really great way for older youth to explore their skills and do things ethically, not just go like, I want to go down Twitter today,

249
00:30:22,950 --> 00:30:36,190
but like, hey, there's a company that invited me to their private program, and I want to see if I can find SQL injection vulnerability on their website and forward it to them.

250
00:30:36,950 --> 00:30:47,370
So I think bug bounty is really neat, especially for older teenagers or college students looking to make money, all that kind of stuff.

251
00:30:47,370 --> 00:30:48,810
Next slide, please.

252
00:30:50,990 --> 00:31:09,270
So X-Ray also mentioned I have contributed to open source software, and I think this is really good for the next generation to do because not only does it teach them how to program and how GitHub and source code...

253
00:31:16,870 --> 00:31:18,010
I apologize.

254
00:31:18,350 --> 00:31:18,810
Am I still

255
00:31:22,290 --> 00:31:22,650
on?

256
00:31:22,650 --> 00:31:27,890
Sorry, my kidney decided to recap for a moment.

257
00:31:29,770 --> 00:31:32,390
Your audio is very, very quiet now.

258
00:31:33,250 --> 00:31:34,730
Microphone is not active.

259
00:31:35,610 --> 00:31:37,170
All right, let me try something.

260
00:31:40,150 --> 00:31:42,030
You need to pick up the microphone.

261
00:31:43,330 --> 00:31:44,830
All right, I will.

262
00:31:49,560 --> 00:31:50,300
Better?

263
00:31:51,480 --> 00:31:53,340
Nope, still the same.

264
00:32:00,660 --> 00:32:02,900
You need to pick up one of the microphones.

265
00:32:02,900 --> 00:32:05,940
That'll give you a megaphone, and then everybody will be able to hear you.

266
00:32:06,020 --> 00:32:07,940
I thought I had one of the microphones.

267
00:32:09,020 --> 00:32:13,320
You accidentally must have dropped it because I can see them both on the podium there.

268
00:32:18,360 --> 00:32:19,520
How about now?

269
00:32:19,520 --> 00:32:20,380
There you go.

270
00:32:21,020 --> 00:32:21,720
All right, perfect.

271
00:32:21,720 --> 00:32:23,480
Thanks for that help, X-Ray.

272
00:32:25,440 --> 00:32:27,380
Anyways, open source software.

273
00:32:28,920 --> 00:32:39,740
It's really good for our youth to explore and learn about programming, but also find vulnerabilities to these projects and help to patch them.

274
00:32:40,520 --> 00:32:51,740
These maintainers who are working so hard on all these projects that Google are scared of, and they may miss something.

275
00:32:51,740 --> 00:33:08,840
And it's really a community of security researchers in OSS helping to kind of plan for this and fix it and I think it's a really good place for youth to serve in this field.

276
00:33:08,840 --> 00:33:24,440
So I created two open source projects, GeekFest.Linux was a senior project I did, all about making it a lot easier to build HomeLab and also a log-forging scanner in December of 2021.

277
00:33:25,040 --> 00:33:31,360
I've contributed to the Beef Project, which is a web application testing app.

278
00:33:31,360 --> 00:33:33,420
I've contributed to BlackArchLinux.

279
00:33:33,420 --> 00:33:35,400
Yes, I use ArchLinux.

280
00:33:35,400 --> 00:33:36,800
I love it.

281
00:33:37,560 --> 00:33:44,280
And RaspAP, which is a access point that you can put on a Raspberry Pi.

282
00:33:45,580 --> 00:33:53,320
It's a very supportive community of programmers, security enthusiasts, and just other people.

283
00:33:53,320 --> 00:33:58,660
And there's also a background you can do for open source on a site called hunter.dev.

284
00:33:58,660 --> 00:34:08,960
So that's also a good resource to look into when you're talking to youth about getting cybersecurity and three ways to do it.

285
00:34:08,960 --> 00:34:10,240
Next slide, please.

286
00:34:13,080 --> 00:34:14,600
Certifications.

287
00:34:14,880 --> 00:34:16,140
Next slide.

288
00:34:17,320 --> 00:34:27,180
So cybersecurity certifications are a really great way to tangibly show what someone knows about you.

289
00:34:27,180 --> 00:34:35,760
Because you can pass a test or finish 11 online labs successfully.

290
00:34:36,060 --> 00:34:39,080
You clearly know something about that subject.

291
00:34:39,080 --> 00:34:57,080
And it's a really great way for schools to show off their student knowledge, but also as a resource for students learning individually on their own or for community centers or libraries to offer sessions for.

292
00:34:57,380 --> 00:35:10,040
And so I think those certifications that pass a number of formats, ATA, GIA, MPT, MTA, all kind of test in a multiple choice format.

293
00:35:10,060 --> 00:35:13,500
I'm going to be taking security plus here in the next couple of weeks.

294
00:35:13,500 --> 00:35:23,400
That's a mix of multiple choice and free response, but kind of like drag and drops or maps.

295
00:35:23,940 --> 00:35:27,940
And then there's test out certifications, which are 100% hands-on.

296
00:35:30,160 --> 00:35:35,220
And they're insanely hard to pass, but it's also insanely rewarding.

297
00:35:36,600 --> 00:35:46,280
So if a student isn't a great taker, but they're really good at doing hands-on activities, maybe test out certifications are better for them to show off their knowledge.

298
00:35:46,280 --> 00:35:54,420
But if they're a really good test taker, maybe they should take something like the ETA ITS certification or the CompTIA security class.

299
00:35:54,420 --> 00:35:55,740
Next slide, please.

300
00:36:05,180 --> 00:36:08,000
Ready for the next slide, whenever they're done.

301
00:36:08,200 --> 00:36:09,040
There we go.

302
00:36:09,040 --> 00:36:11,740
Conferences, next slide, please.

303
00:36:12,360 --> 00:36:22,400
So why are conferences like this, like DEF CON, so important to expose youth who are getting interested inside your security exam?

304
00:36:22,400 --> 00:36:35,140
They can learn new things, do all sorts of fun workshops like block picking or capture flag or a trace labs capture the flag or also car hacking.

305
00:36:35,140 --> 00:36:37,780
I believe there's an aviation village at DEF CON.

306
00:36:37,780 --> 00:36:43,380
I'm not in Vegas, so I'm seeing everything that's going on and it all looks really cool.

307
00:36:44,120 --> 00:36:48,140
And you can learn about all these neat areas of cybersecurity.

308
00:36:48,200 --> 00:36:54,520
Also network professionals and hobbyists and enthusiasts like everyone here.

309
00:36:54,660 --> 00:37:02,300
But students can also learn about professionalism, be a good professional in a professional manner.

310
00:37:02,300 --> 00:37:13,540
Also, once they get some knowledge, practice some public speaking and get their public speaking skills up to par and be really good.

311
00:37:14,700 --> 00:37:28,580
And conferences are just a great way to learn both the soft skills that are needed in cybersecurity, but also learn new skills and teach others about skills that you already have.

312
00:37:32,570 --> 00:37:35,550
Career shadowing, next slide.

313
00:37:36,770 --> 00:37:44,430
Awesome, so a program I was in when I was in high school, it's called Paradise Valley Women in Information Technology 84.

314
00:37:44,430 --> 00:37:49,710
I will call it PBWIT for short because that whole long phrase is very long.

315
00:37:49,710 --> 00:38:01,530
So it's an internship where young women around my school district came together to learn about different tech, such as artificial intelligence, these things and cybersecurity.

316
00:38:02,030 --> 00:38:11,310
And to learn about these fields, we did hands-on projects, communications to district leadership and other IT leaders around our state.

317
00:38:11,310 --> 00:38:17,670
And we got mentored by our district's IT director and we had guest speakers come in.

318
00:38:17,670 --> 00:38:23,910
We had an ethical hacker come in and it was a really great program.

319
00:38:24,070 --> 00:38:29,950
If you are setting up a program similar to this, it doesn't even have to be in a school district.

320
00:38:30,450 --> 00:38:32,810
It doesn't have to be exclusively for women.

321
00:38:32,810 --> 00:38:36,470
It could be for anyone that is interested.

322
00:38:36,470 --> 00:38:42,270
A library or a community center could set something up like this that meets during the summer.

323
00:38:42,270 --> 00:38:57,750
It could be part of a summer camp held somewhere where youths just come together and learn things collaboratively in a safe environment and do projects and present their work and get mentored by industry professionals.

324
00:38:58,110 --> 00:39:00,030
Next slide, please.

325
00:39:02,740 --> 00:39:13,740
So, I've done a number of security internships and just to note, this is not an all-inclusive list of what security internships are like.

326
00:39:13,740 --> 00:39:18,100
These are just a few I've done and what my experiences were like.

327
00:39:18,100 --> 00:39:24,580
These can be very different or similar or anything like that.

328
00:39:24,640 --> 00:39:36,600
During the fall of 2020 and spring of 2021, I worked at Arizona State University as an information security intern with one of my very good friends.

329
00:39:36,600 --> 00:39:42,220
And we worked there for nine months helping to improve their security review process.

330
00:39:42,220 --> 00:39:51,300
So, when an administrator or professor wants to add an application that can be used, they had to go through this process first.

331
00:39:51,440 --> 00:39:54,100
And that was a really wonderful internship.

332
00:39:54,120 --> 00:39:58,500
And at one point, we were learning about instant response.

333
00:39:58,680 --> 00:40:03,560
This was in December, 2020, when solar was hit.

334
00:40:03,620 --> 00:40:09,200
And that was one of the biggest issues of all time.

335
00:40:09,200 --> 00:40:18,500
And Chloe and I, my fellow intern, were kind of thrown into the mix of this big, giant catastrophe.

336
00:40:18,500 --> 00:40:29,880
And this is where I saw everything going on and all of the people rushing to help and trying to solve these problems.

337
00:40:29,880 --> 00:40:33,780
And I said, this has nothing to do with the rest of the world.

338
00:40:34,300 --> 00:40:38,300
I want to help cybersecurity.

339
00:40:38,300 --> 00:40:40,300
I want to help prevent these breaches.

340
00:40:40,300 --> 00:40:47,020
I want to help move our society forward and be safer and more secure for everyone.

341
00:40:47,020 --> 00:40:52,100
And so that ASU internship for me was really instrumental.

342
00:40:53,300 --> 00:40:55,620
Awesome for me on that.

343
00:40:55,620 --> 00:41:02,300
And then after that, I worked at my school district called PV Schools for a cybersecurity internship.

344
00:41:02,400 --> 00:41:04,000
I helped manage students.

345
00:41:04,000 --> 00:41:06,400
I helped wipe old computers.

346
00:41:06,560 --> 00:41:09,760
I worked on several data governance initiatives.

347
00:41:09,760 --> 00:41:16,220
I did some customer service, and I also helped get ready for a cybersecurity audit.

348
00:41:17,340 --> 00:41:19,220
Next slide, please.

349
00:41:21,700 --> 00:41:29,560
After I finished with PV Schools, I went to Trusona, and my last day there was actually Monday.

350
00:41:30,540 --> 00:41:39,480
But when I was there, I was a customer success intern for a cybersecurity startup getting a password in favor of biometric authentication.

351
00:41:39,740 --> 00:41:52,120
I was a member of the team, and I helped provide a perspective of a younger person or a teenager, because let's face it, a lot of teenagers are not very good with cybersecurity.

352
00:41:53,260 --> 00:42:00,300
I helped make videos and documentation on how our project integrates with the customers of Trusona.

353
00:42:00,300 --> 00:42:03,000
That was a really wonderful experience.

354
00:42:03,000 --> 00:42:09,020
I met a lot of awesome people there, and I was just so blessed to have that opportunity.

355
00:42:09,800 --> 00:42:13,440
I grew up in Phoenix Chamber of Commerce.

356
00:42:13,500 --> 00:42:14,920
I did an externship.

357
00:42:14,920 --> 00:42:28,020
It was a two-week experience where we learned from cybersecurity professionals, practiced networking and screening skills, and also created a project with the team and presented that.

358
00:42:28,260 --> 00:42:38,700
And most recently, I've been a bright intelligence intern for the Arizona Cyber Threat Response Alliance.

359
00:42:38,700 --> 00:42:42,400
I'm a member of the first student group to go through this training.

360
00:42:42,400 --> 00:42:51,060
I've learned about cybersecurity and threat intelligence and networked with students and professionals in industry and created a capstone project.

361
00:42:51,060 --> 00:43:02,520
And the other students and I will be the founding members of a university intelligence club that focuses on open-source health as a result.

362
00:43:03,220 --> 00:43:04,520
Next slide.

363
00:43:08,890 --> 00:43:09,610
Awesome.

364
00:43:09,610 --> 00:43:10,770
College.

365
00:43:10,930 --> 00:43:12,250
Next slide.

366
00:43:12,690 --> 00:43:31,230
Look, cybersecurity degrees are very important, in my opinion, because if you don't gain the knowledge in an educational setting or just anywhere to be a practitioner, how are we going to find people with the technical skills to hire?

367
00:43:31,310 --> 00:43:53,550
And what I found from many universities when I was college hunting was they either didn't have a cybersecurity degree, only had a cybersecurity minor, or had what they called a cybersecurity degree, which focused on auditing, which is helpful, but our shortage is mainly in the technical ground right now.

368
00:43:53,550 --> 00:43:59,470
I have some statistics on that that I can share later on if anyone's interested.

369
00:43:59,470 --> 00:44:06,350
So I found it's important that we have a technical cybersecurity degree.

370
00:44:06,350 --> 00:44:19,090
And there's a couple of schools I found that have really good technical programs, one of which is Grand Canyon University, that's where I will be attending fall in Phoenix, Arizona.

371
00:44:19,090 --> 00:44:23,290
Another one is Dakota State University in South Dakota.

372
00:44:23,350 --> 00:44:27,170
Both of these have really good technical programs.

373
00:44:27,330 --> 00:44:29,010
And how do we implement them?

374
00:44:29,010 --> 00:44:47,910
Well, we need to implement classes that teach forensics or teach ethical hacking and do all of this in the college space so that college graduates, once they're out of college, they can take a job that they graduate and be extremely successful.

375
00:44:48,230 --> 00:44:49,770
Next slide, please.

376
00:44:52,060 --> 00:44:57,020
And another thing that's important is requiring security coursework in computer science majors.

377
00:44:57,020 --> 00:45:06,880
It shocked me when I learned that three of the top 10 computer science programs in the United States don't even offer a center-study class.

378
00:45:06,880 --> 00:45:10,340
It's not even an option for people to take.

379
00:45:10,460 --> 00:45:30,500
And I believe there's only a few, I believe it's three of the top 36 degrees require a cybersecurity course to graduate, meaning that a vast majority of computer science students, they don't get any cybersecurity training in college.

380
00:45:30,500 --> 00:45:33,760
And so they're in the workforce and making all these programs.

381
00:45:33,980 --> 00:45:36,040
They don't know how to do it securely.

382
00:45:36,040 --> 00:45:37,700
It's just an afterthought.

383
00:45:37,880 --> 00:45:39,020
So how do we do this?

384
00:45:39,020 --> 00:45:40,520
I think there's two ways.

385
00:45:40,980 --> 00:45:49,860
I think we can set up a general cybersecurity course in university that students have to take to graduate in computer programs.

386
00:45:49,960 --> 00:46:07,160
And I think we possibly also add a secure coding course that students can learn how to be secure in their programming and how to build programs that are secure so that we don't have these problems in as many of these fields in the future.

387
00:46:07,160 --> 00:46:08,980
The next slide, please.

388
00:46:11,360 --> 00:46:13,600
So what are the takeaways from this?

389
00:46:13,600 --> 00:46:16,200
Obviously, yeah, go back to the takeaways.

390
00:46:16,200 --> 00:46:17,020
Thanks.

391
00:46:17,900 --> 00:46:19,000
Thank you.

392
00:46:19,240 --> 00:46:21,300
So what are the takeaways from this?

393
00:46:22,280 --> 00:46:26,420
Essentially, they're not going to be able to do everything I've talked about.

394
00:46:26,420 --> 00:46:31,500
And that's okay, because every little effort makes a huge difference.

395
00:46:31,500 --> 00:46:35,620
So just a reminder that this is just a framework.

396
00:46:35,620 --> 00:46:37,580
It's a possible solution.

397
00:46:37,580 --> 00:46:46,760
I may have some really bad ideas on here, and there are probably some really good ideas that I left out and I didn't know existed.

398
00:46:46,760 --> 00:47:05,960
This is based on my very limited 18 years of experience in life and how I see the world and I'm sure there are other really amazing resources and ways to solve our workforce gap and get youth interested in cybersecurity that I did not mention, and for that,

399
00:47:05,960 --> 00:47:07,460
I'm sorry.

400
00:47:07,900 --> 00:47:14,640
But I'm sure that if we all work together, we can find the best solution for this problem.

401
00:47:14,640 --> 00:47:23,660
I am around to speak to anyone that has questions or just wants some ideas.

402
00:47:23,660 --> 00:47:33,700
I can also refer some other people that I know that are also really good and better than me at recruiting youth into cybersecurity.

403
00:47:34,520 --> 00:47:39,000
And so now, can you go to the next slide, please?

404
00:47:40,420 --> 00:47:44,060
Thank you so much for coming to my presentation.

405
00:47:44,060 --> 00:47:48,100
Do we have any questions?

406
00:47:48,900 --> 00:47:53,640
And contact information you can find on the screen.

407
00:47:55,800 --> 00:47:57,800
Any questions?

408
00:48:05,090 --> 00:48:07,470
Thanks for the class.

409
00:48:08,970 --> 00:48:10,610
Great talk.

410
00:48:11,250 --> 00:48:12,530
Thank you.

411
00:48:12,530 --> 00:48:14,490
Yeah, just more of a comment.

412
00:48:14,490 --> 00:48:19,050
I'm really impressed with your experience, specifically with that age.

413
00:48:20,050 --> 00:48:20,890
Thank you so much.

414
00:48:20,890 --> 00:48:22,330
There's a lot of experience there.

415
00:48:22,330 --> 00:48:23,530
That's awesome.

416
00:48:24,810 --> 00:48:26,550
Yeah, thank you so much.

417
00:48:26,550 --> 00:48:27,270
Great.

418
00:48:32,250 --> 00:48:36,250
And I'll be hanging around the VR space.

419
00:48:36,530 --> 00:48:43,510
If you have any questions, if you're on Twitch and you have questions, you can find my email in my link.

420
00:48:44,170 --> 00:48:46,450
You can email me.

421
00:48:47,150 --> 00:48:48,290
I'm also on Twitter.

422
00:48:48,290 --> 00:48:49,950
You can message me there.

423
00:48:49,950 --> 00:48:51,990
You can message me on LinkedIn.

424
00:48:52,430 --> 00:48:54,510
Just send me a text request.

425
00:48:55,690 --> 00:48:58,010
Relatively soon, I'll probably accept it.

426
00:48:58,010 --> 00:49:06,030
I don't know, but I'll be happy to answer any questions you have.

427
00:49:08,130 --> 00:49:11,310
Thank you all for your time.

428
00:49:12,010 --> 00:49:14,170
I appreciate y'all being here.

429
00:49:25,430 --> 00:49:29,310
Thank you, Meg, Cyber Queen Meg, for an excellent presentation.

430
00:49:29,330 --> 00:49:31,510
There's a lot of useful information in there.

431
00:49:31,510 --> 00:49:37,710
I will probably contact you later to talk about some of this stuff because I'm interested in the same topic.

432
00:49:38,570 --> 00:49:39,750
Everybody hang out.

433
00:49:39,750 --> 00:49:42,610
In about another six minutes, we'll have our next speaker.

434
00:49:42,770 --> 00:49:44,270
So take a break.

435
00:49:45,370 --> 00:49:47,150
Take a bio break, that sort of thing.

436
00:49:47,150 --> 00:49:49,410
And we'll see you back here in about six minutes.