And so we're ready to go.
So I'd like to welcome to the stage
our first speaker today.
This is Cyber Queen Meg, otherwise known as Megan Howe.
Megan is a passionate, rising cybersecurity...
Oh, I forgot, sorry.
She's going to be speaking on
Building the Cybersecurity Workforce Pipeline,
How to Recruit and Educate
the Next Generation of Cyber Warriors.
Megan Howe is a passionate, rising security professional
who's interested in programming,
cybersecurity, and web development.
Megan is attending Grand Canyon University
in Phoenix, Arizona,
to earn a Bachelor's of Science in cybersecurity.
Megan is currently a threat analysis intern
for the Arizona Cyber Threat Response Alliance,
as well as a customer success intern
at a cybersecurity startup called Trusona.
Megan works as a freelance bug bounty hunter.
Wow, that's kind of interesting.
And is particularly focused on hunting
for web security vulnerabilities.
Megan also contributes to open source projects, GitHub.
Previously, Megan has worked as a cybersecurity intern
for the Paradise Valley Unified School District
and for the Arizona State University.
And I might add that she is an excellent violinist.
Megan is a nationally recognized cybersecurity scholar
and has earned industry recognition
and certifications through GEAC, ETA,
TestOut, and Microsoft.
Megan is a 2021 National Cybersecurity Scholar,
2021 NCWIT, or National Honorable Mention,
and two-time state champion
in the SkillsUSA's cybersecurity competition.
As a female student in cybersecurity,
Megan also shares her perspective on cybersecurity
and women in technology with audiences worldwide.
So welcome, Megan, to the stage.
Take it away, Megan.
All right, I gotta figure out how to grab this thing.
There we go.
Thanks for the warm welcome, X-Ray,
and thank you all for having me today.
So as X-Ray mentioned, I'm gonna be speaking
on building the cybersecurity workforce pipeline
to recruit and educate the next generation of warriors.
Next slide, please.
So who am I?
A photo's worth a thousand words.
I've got different pictures up here
to kind of illustrate who I am.
I'm a dog lover, a recent high school graduate,
a violinist, a public speaker,
cybersecurity enthusiast, a conference attender,
but most importantly, just a normal teenager
who does normal teenager things.
I don't just do cybersecurity all the time.
I also like to have fun with friends and family
and hang out with my dogs that you can see pictured.
So next slide, please.
So in the cybersecurity industry, we have a problem.
There's too much demand
for incoming cybersecurity professionals
and not enough skilled or interested people
that even want to go into cybersecurity,
partially because a lot of people don't even know
that the field exists, especially children.
And this leads to also our education problem
is that very few K through 12 schools
teach practical cybersecurity content,
and most colleges don't have
a cybersecurity degree program or a minor.
And even if they do, most of the time it's based on,
yeah, the technical, not the technical,
the business side of cybersecurity, not the technical side.
Next slide, please.
And so before I go on to my next slide,
I have a little disclaimer is that I don't know everything.
I just am a recent high school graduate.
I don't have years of work experience like many of you have.
And this is the end all, end all for cybersecurity.
It's a potential framework for solving the workforce gap
and getting more youth interested in cybersecurity
that I hope that some of you can find parts of this useful.
And I'm gonna be going over this framework here today
in my presentation.
So at the center of everything is community.
Nine C's of cyber has to start with community,
and then we build to concrete experience,
clubs, coursework, competition, certifications,
conferences, rear shadowing, and college.
So each of these points has different things
that we as cybersecurity practitioners or as business owners
or as concerned community members can do
to help boost the cybersecurity workforce
and boost interest in the field.
Next slide, please.
Community, next slide.
So before anyone is going to be interested
in learning cybersecurity, but especially young people,
we have to create environments that are welcoming,
safe, fun, exciting, and supportive.
People have to feel safe enough in these environments
to learn, grow, try new things,
not necessarily good at those new things,
fall down, get back up again,
and have the support to pursue their passions,
whether it's cybersecurity or not.
But in order to find passion,
we have to have safe spaces for people
to be able to explore those passions.
Next slide, please.
Mentoring is another key component
of getting youth interested into cybersecurity
and getting them integrated into a community
because mentoring youth allows them to learn from you
and learn about the workforce and what your job is
and all the cool things to do in your job.
You're also a resource for them.
You can connect them to your network
or possibly provide them with an internship at your company
or help them with a resume or a cover letter
or a job interview.
But you, us adults, will also be learning
from the people that we mentor
because they can teach us so much
about how to support the next generation
and how that all works together
and how we can best support them and other people like them.
And so mentoring is definitely a two-way street.
Next slide.
Community gatherings, just like this one,
are also important because when youth are permitted
and encouraged to attend meetups,
capture-the-flags, and conferences,
they can meet people, do all sorts of cool activities
like logging or a capture-the-flag competition
where they learn about hacking,
and meet people, get some cool swag.
We all love swag.
And form connections and bonds
and spark their interest in cybersecurity,
get them really engaged and wanting more.
Next slide, please.
Clubs.
Next slide.
So after-school extracurriculars
are a really good first step
to introduce youth to cybersecurity.
And I'm kind of gonna go through a logical progression
of first steps to more advanced steps
throughout this presentation,
which is why I have it ordered the way I do.
So the first way I was introduced to computer science first
and then cybersecurity through after-school extracurriculars.
I was a member of Girls Who Code in middle school,
seventh or eighth grade,
about the beginning of my teenage years
for those of you not in the US.
And I learned how to code for the first time
in a safe and supportive environment.
But clubs can be more than just coding.
There's a person in, I believe, Minnesota
who has a Linux club,
and he teaches middle schoolers how to use Linux
and then do all sorts of open-source community projects
and even distribute computers
to kids in their classrooms that need them.
It's really cool.
Coding clubs are also cool.
Hacking clubs could be super fun for high schoolers,
but not just school.
We need to have more than just school.
We also need to have community programs.
So it's crucial that we have our girls and boys clubs,
our big brothers and sisters,
all of these community programs
that exist all around the world,
including and increasing the group of cyber security skills,
offering a workshop,
or when Boy Scouts and Girl Scouts
offer cyber security badges
that are pictured on this slide right here.
And when libraries and community centers
and all sorts of places in the community
put together these programs for kids,
they might get exposed to it.
And before they might have not.
And same with adults.
And if we have people that are willing to support
and sponsor these types of programs,
those, not just older kids,
but kids of all ages to the fun of security,
I believe that we can start
getting people interested in cyber security.
Because honestly, half of the problem is
people just don't understand cyber security.
So we have to first by fixing that.
Next slide, please.
Volunteering is also super important.
It allows youth and adults to give back to the community,
but also allows us to reach youth
that maybe we wouldn't reach through an after school club
or a community program.
So I think a really good step for this
would be setting up programs
to provide cyber security services
for small businesses, charities, or houses of worship,
like your local church or temple,
or whatever house of worship you attend.
Because then you can pull in youth and other people
to help run these services
and get that benefit as a small business charity
or house of worship.
But also maybe get some people interested in cyber security
that may not have been exposed to it
if it weren't for these programs.
And another cool program that's run
is a program called TechCampers.
It's run by the Air Force Association's Cyber Patriot.
And it's all about educating older people,
people new to technology on digital safety.
So they have a free certification that people can take.
It's aimed towards youth,
but adults can become certified in this too.
And it's all about helping to educate older people
who aren't as familiar with technology
on how to be in a way that they can understand.
So that could also help recruit some more youth
into cyber security.
Say if a school were to set this up
as a community service project
and kids would be like,
hey, this is kind of neat.
These are all the kind of different things that go along
and this is how people fall for it.
I wanna be able to help stop that.
So that's another really neat program that exists.
Next slide, please.
Competitions, next slide.
So Capture the Flags,
I'm sure everyone on this call,
at least in the VR space has probably played
many of Capture the Flag at DEF CON over the years.
But for those unfamiliar,
they're hacking competitions
where you get points and rewards
for finding virtual flags
or solutions to a problem you're tasked to solve.
And these competitions can help teach anyone
about cryptography, web hacking,
networking, how Linux works,
how Windows works,
how you hack a mobile application,
how you hack artificial intelligence,
all sorts of neat computer stuff.
And by integrating these competitions into classrooms
or community events or clubs,
you can get youth interested in cybersecurity
by giving them a creative and competitive outlet
to explore in.
It gives them this amazing opportunity
to just try to solve a problem
and get a bunch of points and rewards.
That's also a really great motivation for youth.
But yeah, Capture the Flags are really great
for getting young people in
because of the competitive nature of the activity.
Next slide, please.
Cyberstart America is a specific Capture the Flag
that I've participated in.
It starts out with this gamified experience
where you can learn all about
all sorts of different cybersecurity missions,
if you say.
You can learn about networking.
You can learn how to use Linux.
You can learn how to exploit an SQL vulnerability
in a database.
It covers almost everything.
And then the highest score in this game
that's about six months,
get invited to this 48-hour competition.
It's a Capture the Flag, runs for 48 hours straight.
And it covers web exploitation,
binary exploitation, forensics, networking,
and a bunch of other different challenges.
And I did this in spring of 2021
and placed among the highest in the Capture the Flag.
And I won a BIAC certification attempt
and a college scholarship through it.
So I earned my GFAST,
GIAC Foundational Cybersecurity Technologies certification
through this completely free program.
And so it was a really great opportunity
to learn not just about cybersecurity,
but also the fundamentals that you need to know
to be good at cybersecurity,
such as networking or Linux or programming.
Slide, please.
CyberPatriot, I briefly mentioned earlier,
knowing I was going to come to this slide here,
but it's the nation's largest youth cyber defense competition.
So it's not about hacking,
it's about how do I secure endpoints?
So Windows machines, Ubuntu machines, and Windows servers.
So it's a team competition.
You work in teams of five
and focus on fixing security vulnerabilities
on virtual machines in Windows desktop,
Windows server, and Ubuntu,
but also creating secure networks in Packet Tracer,
which is a Cisco program that allows you
to model how networks run,
and also taking a networking challenge.
And so there is a special branch
for high schoolers in the ROTC program,
but I competed as part of another program that I was in,
which I will get to later as just a civilian competitor.
And there's a high school program
and a middle school program.
You can do these in person or virtually,
and there's no skill requirements to join.
And students learn so much through these programs
from their coaches and mentors
who are both just adults who are interested in cybersecurity
and want to help kids learn.
So my teams and I placed gold two years in a row,
2019 and 2020.
It's a really fun experience.
It's long Saturdays of six hours straight of competition,
but it's so fun.
I learned so much through it.
I got my first exposure to Linux through it.
It was really, really an amazing program.
Next slide, please.
So SkillsUSA isn't just a cybersecurity organization.
It's what they call a career technical student organization
where students taking what they call career
and technical education classes,
or basically classes teach you things
that you can use in the workforce,
like woodworking or programming or cybersecurity.
And so they have a competition for cybersecurity students,
and it's a two day, eight hours per day,
at least nationally competition where there's 10 steps
and you have to secure networks, secure firewalls,
you have to secure Windows computers,
you have to perform a penetration test on a network,
you have to do some digital forensics,
and you just have to really exhibit
that you know all sorts of things
about networking and cybersecurity through this competition.
And so I've competed in it for two years.
It's a partner competition and have done well both years
and have learned so much from it both years.
But the other thing about SkillsUSA,
which is a program you have to run through a school.
It's a program that a teacher would start,
but you learn about workplace soft skills.
So how do you be professional?
How do you apply for a job or write a resume
or do an interview?
So it integrates all of these other skills
in along with allowing you to get experience
in the cybersecurity realm.
Next slide, please.
So Trace Labs, those of you in person at Def Con
or just following all of the Twitter buzz about Def Con
have probably seen some stuff about Trace Labs
in the past week because they're having
their quarterly Capture the Flag competition today.
And it's an open source competition
where competitors and judges kind of team up
to help find open source intelligence
about the whereabouts on missing persons.
And so competitors, whether individually
or in teams, work together.
They have a list of about four to six missing people
and a little bit of starter information.
And they're given four to six hours
to go find as much information about their whereabouts,
their contact information, who they're associated with
and where they may be located.
Then the judges screen these results
and flag the ones that could be helpful
for law enforcement to submit as tips
to help find these people
and reunite them with their families.
So I have judged two times now for Trace Labs.
I won't be judging today as I'm speaking with you all
because it's next.
And judges and contestants have the opportunity
to go through open source intelligence training.
And it's a really great hands-on way
to learn about this specific niche of cybersecurity.
So I highly recommend getting involved with Trace Labs
even if you aren't a student
as it does amazing things for the community.
Next slide, please.
Coursework.
Next slide.
Thank you.
So one thing I found is that
in high school, not many high schools
have cybersecurity specific coursework.
So I was lucky enough in that I got to go to a high school
with a computer science program,
but I never had to take a cybersecurity course.
It wasn't even an option for me to take.
And my instructors did an amazing job
of integrating cybersecurity into the curriculum,
but I think it would be insanely helpful
to integrate cybersecurity
and the technical aspects of cybersecurity,
not just digital citizenship, into our high school.
So a program I used a lot for other computer classes
is called Tucked Out.
It's a certification company that has online virtual labs.
And I have taken and passed three of their certifications.
They have one called PC Pro,
which is all about building PCs
and Windows operating systems.
It basically prepares you for the CompTIA A-plus exam.
I've taken their Network Pro,
which is all about computer networking.
It prepares you for CompTIA's Network Plus.
And I've taken their Routing and Switching Pro,
which prepares you for the CTNA certification by Cisco.
And so they provide, it's an online sandbox
for students to learn,
and they offer several cybersecurity courses.
And so I think integrating this
into a high school elective class
would be a safe way for the school district,
also a super beneficial way
for youth interested in computers
to learn about cybersecurity.
It's really great that I'll talk about more in depth later
is called TriHackMe.
It's an online sandbox
that allows you to essentially just do these challenges
that teach you not just about hacking,
but defensive security,
physics, how to set up firewalls,
and yes, web hacking, and mobile hacking,
and more of the technical hands-on aspects
of cybersecurity.
And another really great way to integrate this
is through a secured and isolated lab environment
that students have control of.
They get to decide what goes in it,
they get to decide how it's set up,
and they get to implement skills
from a networking course, or a program course,
or PC course on how to best set this up.
And they also get to integrate skills
on how best to secure that network
and try to bypass those defenses.
Next slide, please.
Outside courses are also really great
for people already kind of itching
with the cybersecurity bug.
I don't know any teenagers that are gonna be like,
I wanna go take a random course on cybersecurity,
I've never heard of it.
There has to be some sort of fun, cool exposure to it
before you get to this point.
But once youth are interested in something,
what I found is they'll do a lot to explore that.
And so there's several resources
where you can take outside courses,
and this is not an all-inclusive list by any means,
but edX and Coursera have a lot
of really general cybersecurity courses,
which is good for someone kind of just starting out
and like, hey, I wanna see
if this is something I'm even interested in.
Do I wanna take a class at my high school on this?
I don't know if I wanna commit to that elective block yet,
I just wanna see.
And TCM Security and Udemy
have more specialized courses on.
Okay, this is how you run a penetration test.
This is how you code malicious scripts in Python.
All sorts of niche skills
that professionals and students alike
are trying to learn through these platforms.
Next slide, please.
Concrete experience.
Next slide.
Thanks.
Oh, I promised I'd talk about TryHackMe,
and the time has come for that.
So TryHackMe is unique in that it is a freemium program.
It has a free tier that really has a lot of features,
but also a paid tier that allows you to access modules
that are available in the free tier.
And that tier, I believe, is only like $10 or $15 a month.
So it doesn't require a lot of financial commitment,
and you can also gift this to people.
And it's a really great way for people who don't know how to hack
to learn how to hack.
They have Kali Linux and parent security boxes up in the cloud
that you can use to hack stuff on their website.
It's all set up.
There's a whole virtual private network connected into it.
It's a really neat program.
And then there are tackle box, which is for,
once you have some of those basic hacking skills
and you want to practice taking over a machine
and using techniques that you've already learned,
it's basically vulnerable machines
that you have to try different techniques to own
or take over the machine and hack it to make it yours.
And so these programs are really great
for helping youth and adults alike
get the hands-on experience
that they need to be successful in cybersecurity.
Next slide, please.
Thank you.
Secure hacking environments are also really neat.
There are many cyber ranges here in the United States
where they have several machines kind of like hack the box,
but you can kind of just do whatever you want on them
because they're isolated.
And you can try a bunch of different techniques
and try to, hey, I tried this,
but I want to see if this will also work.
And there's also, I believe, some isolated online servers,
kind of like there's the vulnerable web application
that you can download locally.
And there's one by Google, it's cheese themed,
where it's intentionally vulnerable.
And your goal is to try to hack it
and just play around
and find all these cool vulnerabilities.
Next slide, please.
Homelabs are definitely for more advanced users.
I am still in the process of setting up mine.
It's a long process, but once you get it set up,
I believe it's totally worth it
because it's about creating a model production environment
where you can hack your own stuff,
practice setting up firewalls
and practice bypassing that firewall
or have a bug machine and set up a web server
that you can try to hack stuff through.
And you're not just learning about hacking here,
you're learning about vulnerabilities,
Windows, Linux, virtualization,
blue teaming or defense mechanisms,
red teaming or attack mechanisms,
networking, you know,
how do all these corporate networks work?
How do you set up Linux?
What makes Debian different from Fedora Linux?
It's the way you install applications.
Really, if you want to learn about something with computers,
a homelab is a really amazing way to do that.
It just requires a lot of time on Google
and a lot of experience,
but it's something that I think we need to promote more
to people interested in cybersecurity
because it's really easy to set up
in just some virtual machines.
It can be as big or as small as your computer can manage.
Next slide, please.
So bug bounties.
I mentioned that I am a freelance bug bounty hunter.
What I forgot to put in that bio
is I'm also a freelance AI bias bounty hunter.
There was a program that Twitter did last summer
where they had their AI cropping algorithm
and researchers tried to find biases in that program.
And so that was a program on something called HackerOne,
which is a really nice program for beginners
because they have so many things you can hack.
And also you can get invited to private programs really easily.
Bug Crowd is also nice.
Any of these programs are on the screen.
Hunter.dev is for open source vulnerabilities,
but basically bug bountying,
there's the incentive of getting paid
for finding a bug in a company, legally hacking them,
and then getting money for it
and learning all about cybersecurity in the process.
And it's just an amazing process.
It's very, very frustrating at times,
but once you get the hang of,
and I had to get the hang of,
hacking an actual production environment,
it's a really great way for older youth
to explore their skills and do things ethically,
not just go like, I want to go down Twitter today,
but like, hey, there's a company
that invited me to their private program,
and I want to see if I can find SQL injection vulnerability
on their website and forward it to them.
So I think bug bounty is really neat,
especially for older teenagers
or college students looking to make money,
all that kind of stuff.
Next slide, please.
So X-Ray also mentioned I have contributed
to open source software,
and I think this is really good for the next generation
to do because not only does it teach them how to program
and how GitHub and source code...
I apologize.
Am I still on?
Sorry, my kidney decided to recap for a moment.
Your audio is very, very quiet now.
Microphone is not active.
All right, let me try something.
You need to pick up the microphone.
All right, I will.
Better?
Nope, still the same.
You need to pick up one of the microphones.
That'll give you a megaphone,
and then everybody will be able to hear you.
I thought I had one of the microphones.
You accidentally must have dropped it
because I can see them both on the podium there.
How about now?
There you go.
All right, perfect.
Thanks for that help, X-Ray.
Anyways, open source software.
It's really good for our youth to explore
and learn about programming,
but also find vulnerabilities to these projects
and help to patch them.
These maintainers who are working so hard
on all these projects that Google are scared of,
and they may miss something.
And it's really a community of security researchers
in OSS helping to kind of plan for this and fix it
and I think it's a really good place
for youth to serve in this field.
So I created two open source projects,
GeekFest.Linux was a senior project I did,
all about making it a lot easier to build HomeLab
and also a log-forging scanner in December of 2021.
I've contributed to the Beef Project,
which is a web application testing app.
I've contributed to BlackArchLinux.
Yes, I use ArchLinux.
I love it.
And RaspAP, which is a access point
that you can put on a Raspberry Pi.
It's a very supportive community of programmers,
security enthusiasts, and just other people.
And there's also a background you can do for open source
on a site called hunter.dev.
So that's also a good resource to look into
when you're talking to youth about getting cybersecurity
and three ways to do it.
Next slide, please.
Certifications.
Next slide.
So cybersecurity certifications are a really great way
to tangibly show what someone knows about you.
Because you can pass a test
or finish 11 online labs successfully.
You clearly know something about that subject.
And it's a really great way for schools
to show off their student knowledge,
but also as a resource for students
learning individually on their own
or for community centers or libraries
to offer sessions for.
And so I think those certifications
that pass a number of formats,
ATA, GIA, MPT, MTA,
all kind of test in a multiple choice format.
I'm going to be taking security plus here
in the next couple of weeks.
That's a mix of multiple choice and free response,
but kind of like drag and drops or maps.
And then there's test out certifications,
which are 100% hands-on.
And they're insanely hard to pass,
but it's also insanely rewarding.
So if a student isn't a great taker,
but they're really good at doing hands-on activities,
maybe test out certifications
are better for them to show off their knowledge.
But if they're a really good test taker,
maybe they should take something like the ETA ITS
certification or the CompTIA security class.
Next slide, please.
Ready for the next slide, whenever they're done.
There we go.
Conferences, next slide, please.
So why are conferences like this, like DEF CON,
so important to expose youth
who are getting interested inside your security exam?
They can learn new things, do all sorts of fun workshops
like block picking or capture flag
or a trace labs capture the flag or also car hacking.
I believe there's an aviation village at DEF CON.
I'm not in Vegas, so I'm seeing everything that's going on
and it all looks really cool.
And you can learn about all these neat areas
of cybersecurity.
Also network professionals and hobbyists
and enthusiasts like everyone here.
But students can also learn about professionalism,
be a good professional in a professional manner.
Also, once they get some knowledge,
practice some public speaking
and get their public speaking skills up to par
and be really good.
And conferences are just a great way
to learn both the soft skills
that are needed in cybersecurity,
but also learn new skills and teach others
about skills that you already have.
Career shadowing, next slide.
Awesome, so a program I was in when I was in high school,
it's called Paradise Valley Women
in Information Technology 84.
I will call it PBWIT for short
because that whole long phrase is very long.
So it's an internship where young women
around my school district came together
to learn about different tech,
such as artificial intelligence,
these things and cybersecurity.
And to learn about these fields,
we did hands-on projects,
communications to district leadership
and other IT leaders around our state.
And we got mentored by our district's IT director
and we had guest speakers come in.
We had an ethical hacker come in
and it was a really great program.
If you are setting up a program similar to this,
it doesn't even have to be in a school district.
It doesn't have to be exclusively for women.
It could be for anyone that is interested.
A library or a community center
could set something up like this
that meets during the summer.
It could be part of a summer camp held somewhere
where youths just come together
and learn things collaboratively
in a safe environment and do projects
and present their work
and get mentored by industry professionals.
Next slide, please.
So, I've done a number of security internships
and just to note,
this is not an all-inclusive list
of what security internships are like.
These are just a few I've done
and what my experiences were like.
These can be very different or similar
or anything like that.
During the fall of 2020 and spring of 2021,
I worked at Arizona State University
as an information security intern
with one of my very good friends.
And we worked there for nine months
helping to improve their security review process.
So, when an administrator or professor
wants to add an application
that can be used,
they had to go through this process first.
And that was a really wonderful internship.
And at one point,
we were learning about instant response.
This was in December, 2020,
when solar was hit.
And that was one of the biggest issues of all time.
And Chloe and I, my fellow intern,
were kind of thrown into the mix of
this big, giant catastrophe.
And this is where I saw everything going on
and all of the people
rushing to help
and trying to solve these problems.
And I said,
this has nothing to do with the rest of the world.
I want to help cybersecurity.
I want to help prevent these breaches.
I want to help move our society forward
and be safer and more secure for everyone.
And so that ASU internship for me was really instrumental.
Awesome for me on that.
And then after that,
I worked at my school district called PV Schools
for a cybersecurity internship.
I helped manage students.
I helped wipe old computers.
I worked on several data governance initiatives.
I did some customer service,
and I also helped get ready for a cybersecurity audit.
Next slide, please.
After I finished with PV Schools,
I went to Trusona,
and my last day there was actually Monday.
But when I was there,
I was a customer success intern for a cybersecurity startup
getting a password in favor of biometric authentication.
I was a member of the team,
and I helped provide a perspective of a younger person
or a teenager,
because let's face it,
a lot of teenagers are not very good with cybersecurity.
I helped make videos and documentation
on how our project integrates with the customers of Trusona.
That was a really wonderful experience.
I met a lot of awesome people there,
and I was just so blessed to have that opportunity.
I grew up in Phoenix Chamber of Commerce.
I did an externship.
It was a two-week experience
where we learned from cybersecurity professionals,
practiced networking and screening skills,
and also created a project with the team and presented that.
And most recently, I've been a bright intelligence intern
for the Arizona Cyber Threat Response Alliance.
I'm a member of the first student group
to go through this training.
I've learned about cybersecurity and threat intelligence
and networked with students and professionals in industry
and created a capstone project.
And the other students and I will be the founding members
of a university intelligence club
that focuses on open-source health as a result.
Next slide.
Awesome. College. Next slide.
Look, cybersecurity degrees are very important, in my opinion,
because if you don't gain the knowledge
in an educational setting or just anywhere to be a practitioner,
how are we going to find people with the technical skills to hire?
And what I found from many universities
when I was college hunting was they either didn't have
a cybersecurity degree, only had a cybersecurity minor,
or had what they called a cybersecurity degree,
which focused on auditing, which is helpful,
but our shortage is mainly in the technical ground right now.
I have some statistics on that that I can share later on
if anyone's interested.
So I found it's important that we have a technical cybersecurity degree.
And there's a couple of schools I found that have really good technical programs,
one of which is Grand Canyon University,
that's where I will be attending fall in Phoenix, Arizona.
Another one is Dakota State University in South Dakota.
Both of these have really good technical programs.
And how do we implement them?
Well, we need to implement classes that teach forensics or teach ethical hacking
and do all of this in the college space so that college graduates,
once they're out of college, they can take a job that they graduate
and be extremely successful.
Next slide, please.
And another thing that's important is requiring security coursework
in computer science majors.
It shocked me when I learned that three of the top 10 computer science programs
in the United States don't even offer a center-study class.
It's not even an option for people to take.
And I believe there's only a few, I believe it's three of the top 36 degrees
require a cybersecurity course to graduate,
meaning that a vast majority of computer science students,
they don't get any cybersecurity training in college.
And so they're in the workforce and making all these programs.
They don't know how to do it securely. It's just an afterthought.
So how do we do this? I think there's two ways.
I think we can set up a general cybersecurity course in university
that students have to take to graduate in computer programs.
And I think we possibly also add a secure coding course
that students can learn how to be secure in their programming
and how to build programs that are secure
so that we don't have these problems in as many of these fields in the future.
The next slide, please.
So what are the takeaways from this?
Obviously, yeah, go back to the takeaways. Thanks.
Thank you.
So what are the takeaways from this?
Essentially, they're not going to be able to do everything I've talked about.
And that's okay, because every little effort makes a huge difference.
So just a reminder that this is just a framework.
It's a possible solution.
I may have some really bad ideas on here,
and there are probably some really good ideas that I left out and I didn't know existed.
This is based on my very limited 18 years of experience in life
and how I see the world and I'm sure there are other really amazing resources
and ways to solve our workforce gap and get youth interested in cybersecurity
that I did not mention, and for that, I'm sorry.
But I'm sure that if we all work together, we can find the best solution for this problem.
I am around to speak to anyone that has questions or just wants some ideas.
I can also refer some other people that I know that are also really good and better than me
at recruiting youth into cybersecurity.
And so now, can you go to the next slide, please?
Thank you so much for coming to my presentation.
Do we have any questions?
And contact information you can find on the screen.
Any questions?
Thanks for the class.
Great talk.
Thank you.
Yeah, just more of a comment.
I'm really impressed with your experience, specifically with that age.
Thank you so much.
There's a lot of experience there.
That's awesome.
Yeah, thank you so much.
Great.
And I'll be hanging around the VR space.
If you have any questions, if you're on Twitch and you have questions, you can find my email in my link.
You can email me.
I'm also on Twitter.
You can message me there.
You can message me on LinkedIn.
Just send me a text request.
Relatively soon, I'll probably accept it.
I don't know, but I'll be happy to answer any questions you have.
Thank you all for your time.
I appreciate y'all being here.
Thank you, Meg, Cyber Queen Meg, for an excellent presentation.
There's a lot of useful information in there.
I will probably contact you later to talk about some of this stuff because I'm interested in the same topic.
Everybody hang out.
In about another six minutes, we'll have our next speaker.
So take a break.
Take a bio break, that sort of thing.
And we'll see you back here in about six minutes.