[00:02.730 --> 00:05.380] And so we're ready to go. [00:05.500 --> 00:07.140] So I'd like to welcome to the stage [00:07.140 --> 00:09.020] our first speaker today. [00:09.100 --> 00:13.300] This is Cyber Queen Meg, otherwise known as Megan Howe. [00:16.000 --> 00:19.420] Megan is a passionate, rising cybersecurity... [00:19.420 --> 00:21.220] Oh, I forgot, sorry. [00:21.300 --> 00:22.480] She's going to be speaking on [00:22.480 --> 00:25.340] Building the Cybersecurity Workforce Pipeline, [00:26.210 --> 00:27.820] How to Recruit and Educate [00:27.820 --> 00:30.380] the Next Generation of Cyber Warriors. [00:30.380 --> 00:33.140] Megan Howe is a passionate, rising security professional [00:33.140 --> 00:35.180] who's interested in programming, [00:35.180 --> 00:37.400] cybersecurity, and web development. [00:37.400 --> 00:39.700] Megan is attending Grand Canyon University [00:39.700 --> 00:41.240] in Phoenix, Arizona, [00:41.240 --> 00:44.720] to earn a Bachelor's of Science in cybersecurity. [00:45.120 --> 00:48.080] Megan is currently a threat analysis intern [00:48.080 --> 00:51.180] for the Arizona Cyber Threat Response Alliance, [00:51.180 --> 00:53.440] as well as a customer success intern [00:53.440 --> 00:57.960] at a cybersecurity startup called Trusona. [00:57.960 --> 01:00.620] Megan works as a freelance bug bounty hunter. [01:00.620 --> 01:02.540] Wow, that's kind of interesting. [01:02.540 --> 01:04.460] And is particularly focused on hunting [01:04.460 --> 01:06.640] for web security vulnerabilities. [01:06.800 --> 01:11.320] Megan also contributes to open source projects, GitHub. [01:11.700 --> 01:15.340] Previously, Megan has worked as a cybersecurity intern [01:15.340 --> 01:17.740] for the Paradise Valley Unified School District [01:17.740 --> 01:20.200] and for the Arizona State University. [01:20.200 --> 01:23.740] And I might add that she is an excellent violinist. 
[01:23.900 --> 01:26.700] Megan is a nationally recognized cybersecurity scholar [01:26.700 --> 01:28.960] and has earned industry recognition [01:29.490 --> 01:32.460] and certifications through GIAC, ETA, [01:32.460 --> 01:34.360] TestOut, and Microsoft. [01:34.360 --> 01:38.300] Megan is a 2021 National Cybersecurity Scholar, [01:38.300 --> 01:43.880] 2021 NCWIT, or National Honorable Mention, [01:43.880 --> 01:45.720] and two-time state champion [01:45.720 --> 01:48.920] in the SkillsUSA's cybersecurity competition. [01:48.920 --> 01:51.660] As a female student in cybersecurity, [01:51.660 --> 01:54.060] Megan also shares her perspective on cybersecurity [01:54.060 --> 01:58.140] and women in technology with audiences worldwide. [01:58.300 --> 02:01.240] So welcome, Megan, to the stage. [02:01.240 --> 02:02.380] Take it away, Megan. [02:06.250 --> 02:08.470] All right, I gotta figure out how to grab this thing. [02:08.470 --> 02:09.350] There we go. [02:09.830 --> 02:11.690] Thanks for the warm welcome, X-Ray, [02:11.690 --> 02:14.150] and thank you all for having me today. [02:14.210 --> 02:17.050] So as X-Ray mentioned, I'm gonna be speaking [02:17.050 --> 02:20.630] on building the cybersecurity workforce pipeline [02:20.630 --> 02:24.710] to recruit and educate the next generation of warriors. [02:24.710 --> 02:26.110] Next slide, please. [02:29.290 --> 02:31.170] So who am I? [02:31.170 --> 02:32.810] A photo's worth a thousand words. [02:32.810 --> 02:34.550] I've got different pictures up here [02:34.550 --> 02:36.510] to kind of illustrate who I am. [02:36.650 --> 02:40.430] I'm a dog lover, a recent high school graduate, [02:40.690 --> 02:43.550] a violinist, a public speaker, [02:43.550 --> 02:46.290] cybersecurity enthusiast, a conference attender, [02:46.290 --> 02:48.450] but most importantly, just a normal teenager [02:48.450 --> 02:50.910] who does normal teenager things. [02:50.910 --> 02:53.570] I don't just do cybersecurity all the time.
[02:53.570 --> 02:56.270] I also like to have fun with friends and family [02:56.270 --> 02:59.530] and hang out with my dogs that you can see pictured. [02:59.950 --> 03:01.590] So next slide, please. [03:03.490 --> 03:08.190] So in the cybersecurity industry, we have a problem. [03:08.190 --> 03:09.390] There's too much demand [03:09.910 --> 03:12.410] for incoming cybersecurity professionals [03:12.870 --> 03:15.830] and not enough skilled or interested people [03:15.830 --> 03:18.010] that even want to go into cybersecurity, [03:18.010 --> 03:20.970] partially because a lot of people don't even know [03:21.470 --> 03:24.510] that the field exists, especially children. [03:24.510 --> 03:28.190] And this leads to also our education problem [03:28.190 --> 03:30.630] is that very few K through 12 schools [03:30.630 --> 03:34.090] teach practical cybersecurity content, [03:34.090 --> 03:35.930] and most colleges don't have [03:36.070 --> 03:38.730] a cybersecurity degree program or a minor. [03:38.730 --> 03:42.090] And even if they do, most of the time it's based on, [03:43.870 --> 03:48.450] yeah, the technical, not the technical, [03:48.450 --> 03:51.890] the business side of cybersecurity, not the technical side. [03:51.890 --> 03:53.450] Next slide, please. [03:54.510 --> 03:57.370] And so before I go on to my next slide, [03:57.370 --> 04:01.610] I have a little disclaimer is that I don't know everything. [04:01.610 --> 04:05.370] I just am a recent high school graduate. [04:05.370 --> 04:09.930] I don't have years of work experience like many of you have. [04:09.930 --> 04:14.130] And this is the end all, end all for cybersecurity. [04:14.130 --> 04:17.950] It's a potential framework for solving the workforce gap [04:17.950 --> 04:21.290] and getting more youth interested in cybersecurity [04:21.290 --> 04:27.050] that I hope that some of you can find parts of this useful. 
[04:27.050 --> 04:30.250] And I'm gonna be going over this framework here today [04:30.250 --> 04:31.610] in my presentation. [04:31.610 --> 04:35.190] So at the center of everything is community. [04:35.190 --> 04:38.630] Nine C's of cyber has to start with community, [04:38.630 --> 04:41.150] and then we build to concrete experience, [04:41.150 --> 04:45.390] clubs, coursework, competition, certifications, [04:45.390 --> 04:49.170] conferences, career shadowing, and college. [04:49.170 --> 04:51.810] So each of these points has different things [04:51.810 --> 04:55.710] that we as cybersecurity practitioners or as business owners [04:55.710 --> 04:59.210] or as concerned community members can do [04:59.210 --> 05:01.610] to help boost the cybersecurity workforce [05:01.610 --> 05:03.730] and boost interest in the field. [05:03.730 --> 05:05.230] Next slide, please. [05:07.290 --> 05:09.370] Community, next slide. [05:11.210 --> 05:14.390] So before anyone is going to be interested [05:14.390 --> 05:17.690] in learning cybersecurity, but especially young people, [05:17.690 --> 05:21.710] we have to create environments that are welcoming, [05:21.710 --> 05:25.230] safe, fun, exciting, and supportive. [05:25.230 --> 05:28.010] People have to feel safe enough in these environments [05:28.010 --> 05:31.510] to learn, grow, try new things, [05:31.510 --> 05:34.870] not necessarily good at those new things, [05:34.870 --> 05:36.530] fall down, get back up again, [05:36.530 --> 05:39.970] and have the support to pursue their passions, [05:39.970 --> 05:42.350] whether it's cybersecurity or not. [05:42.350 --> 05:44.570] But in order to find passion, [05:44.570 --> 05:47.190] we have to have safe spaces for people [05:47.190 --> 05:49.610] to be able to explore those passions. [05:49.610 --> 05:51.130] Next slide, please.
[05:53.290 --> 05:55.530] Mentoring is another key component [05:55.530 --> 05:58.090] of getting youth interested into cybersecurity [05:58.090 --> 06:01.290] and getting them integrated into a community [06:01.290 --> 06:06.410] because mentoring youth allows them to learn from you [06:06.410 --> 06:10.830] and learn about the workforce and what your job is [06:10.830 --> 06:13.610] and all the cool things to do in your job. [06:13.610 --> 06:15.870] You're also a resource for them. [06:15.870 --> 06:17.390] You can connect them to your network [06:17.390 --> 06:21.170] or possibly provide them with an internship at your company [06:21.170 --> 06:25.450] or help them with a resume or a cover letter [06:25.450 --> 06:27.410] or a job interview. [06:27.690 --> 06:31.210] But you, us adults, will also be learning [06:31.210 --> 06:33.710] from the people that we mentor [06:33.710 --> 06:36.710] because they can teach us so much [06:36.710 --> 06:39.110] about how to support the next generation [06:39.530 --> 06:42.450] and how that all works together [06:42.450 --> 06:47.070] and how we can best support them and other people like them. [06:47.070 --> 06:50.850] And so mentoring is definitely a two-way street. [06:51.030 --> 06:52.190] Next slide. [06:54.130 --> 06:56.270] Community gatherings, just like this one, [06:56.270 --> 06:59.890] are also important because when youth are permitted [06:59.890 --> 07:02.810] and encouraged to attend meetups, [07:02.810 --> 07:04.650] capture-the-flags, and conferences, [07:04.650 --> 07:07.510] they can meet people, do all sorts of cool activities [07:07.510 --> 07:10.610] like logging or a capture-the-flag competition [07:10.610 --> 07:12.790] where they learn about hacking, [07:12.790 --> 07:15.470] and meet people, get some cool swag. [07:15.470 --> 07:17.330] We all love swag. 
[07:17.450 --> 07:20.330] And form connections and bonds [07:20.330 --> 07:23.990] and spark their interest in cybersecurity, [07:23.990 --> 07:28.630] get them really engaged and wanting more. [07:28.630 --> 07:30.230] Next slide, please. [07:31.870 --> 07:33.090] Clubs. [07:33.090 --> 07:34.470] Next slide. [07:35.970 --> 07:38.190] So after-school extracurriculars [07:38.190 --> 07:40.130] are a really good first step [07:40.130 --> 07:42.830] to introduce youth to cybersecurity. [07:42.830 --> 07:45.530] And I'm kind of gonna go through a logical progression [07:45.530 --> 07:48.130] of first steps to more advanced steps [07:48.130 --> 07:49.650] throughout this presentation, [07:49.650 --> 07:52.410] which is why I have it ordered the way I do. [07:52.570 --> 07:56.490] So the first way I was introduced to computer science first [07:56.490 --> 08:01.170] and then cybersecurity through after-school extracurriculars. [08:01.170 --> 08:05.410] I was a member of Girls Who Code in middle school, [08:05.410 --> 08:07.150] seventh or eighth grade, [08:07.150 --> 08:09.650] about the beginning of my teenage years [08:09.650 --> 08:11.550] for those of you not in the US. [08:12.130 --> 08:15.210] And I learned how to code for the first time [08:15.210 --> 08:17.870] in a safe and supportive environment. [08:18.650 --> 08:21.390] But clubs can be more than just coding. [08:21.390 --> 08:24.770] There's a person in, I believe, Minnesota [08:24.770 --> 08:27.150] who has a Linux club, [08:27.150 --> 08:30.030] and he teaches middle schoolers how to use Linux [08:30.030 --> 08:33.430] and then do all sorts of open-source community projects [08:34.260 --> 08:36.070] and even distribute computers [08:36.070 --> 08:38.190] to kids in their classrooms that need them. [08:38.190 --> 08:39.390] It's really cool. [08:39.390 --> 08:41.530] Coding clubs are also cool. 
[08:41.750 --> 08:44.790] Hacking clubs could be super fun for high schoolers, [08:44.790 --> 08:46.690] but not just school. [08:46.790 --> 08:48.850] We need to have more than just school. [08:48.850 --> 08:51.290] We also need to have community programs. [08:51.290 --> 08:56.170] So it's crucial that we have our girls and boys clubs, [08:56.170 --> 08:58.130] our big brothers and sisters, [08:58.130 --> 09:01.090] all of these community programs [09:01.530 --> 09:05.010] that exist all around the world, [09:05.010 --> 09:08.150] including and increasing the group of cyber security skills, [09:08.150 --> 09:09.930] offering a workshop, [09:09.930 --> 09:11.530] or when Boy Scouts and Girl Scouts [09:11.530 --> 09:13.770] offer cyber security badges [09:13.770 --> 09:16.510] that are pictured on this slide right here. [09:17.630 --> 09:21.150] And when libraries and community centers [09:21.150 --> 09:24.010] and all sorts of places in the community [09:24.010 --> 09:28.550] put together these programs for kids, [09:28.550 --> 09:30.270] they might get exposed to it. [09:30.270 --> 09:32.050] And before they might have not. [09:32.050 --> 09:33.450] And same with adults. [09:33.450 --> 09:36.950] And if we have people that are willing to support [09:36.950 --> 09:39.050] and sponsor these types of programs, [09:39.050 --> 09:41.510] those, not just older kids, [09:41.510 --> 09:45.250] but kids of all ages to the fun of security, [09:45.250 --> 09:46.910] I believe that we can start [09:46.910 --> 09:49.670] getting people interested in cyber security. [09:49.670 --> 09:52.930] Because honestly, half of the problem is [09:52.930 --> 09:55.110] people just don't understand cyber security. [09:56.590 --> 10:00.230] So we have to first by fixing that. [10:00.230 --> 10:01.750] Next slide, please. [10:03.650 --> 10:06.070] Volunteering is also super important. 
[10:06.070 --> 10:09.990] It allows youth and adults to give back to the community, [10:09.990 --> 10:13.390] but also allows us to reach youth [10:13.390 --> 10:16.230] that maybe we wouldn't reach through an after school club [10:16.230 --> 10:18.190] or a community program. [10:18.290 --> 10:20.990] So I think a really good step for this [10:20.990 --> 10:22.250] would be setting up programs [10:22.250 --> 10:24.210] to provide cyber security services [10:24.210 --> 10:28.570] for small businesses, charities, or houses of worship, [10:28.570 --> 10:30.970] like your local church or temple, [10:30.970 --> 10:33.990] or whatever house of worship you attend. [10:33.990 --> 10:38.970] Because then you can pull in youth and other people [10:38.970 --> 10:41.050] to help run these services [10:41.890 --> 10:44.870] and get that benefit as a small business charity [10:44.870 --> 10:46.290] or house of worship. [10:46.310 --> 10:50.730] But also maybe get some people interested in cyber security [10:50.730 --> 10:52.930] that may not have been exposed to it [10:52.930 --> 10:55.550] if it weren't for these programs. [10:55.550 --> 10:57.650] And another cool program that's run [10:58.230 --> 11:00.630] is a program called TechCampers. [11:00.630 --> 11:04.490] It's run by the Air Force Association's Cyber Patriot. [11:04.730 --> 11:07.770] And it's all about educating older people, [11:07.770 --> 11:11.750] people new to technology on digital safety. [11:11.750 --> 11:15.310] So they have a free certification that people can take. [11:15.310 --> 11:16.430] It's aimed towards youth, [11:16.430 --> 11:19.130] but adults can become certified in this too. [11:19.130 --> 11:23.670] And it's all about helping to educate older people [11:24.330 --> 11:26.350] who aren't as familiar with technology [11:26.350 --> 11:29.910] on how to be in a way that they can understand. 
[11:30.210 --> 11:33.930] So that could also help recruit some more youth [11:33.930 --> 11:35.390] into cyber security. [11:35.390 --> 11:38.110] Say if a school were to set this up [11:38.110 --> 11:39.730] as a community service project [11:40.250 --> 11:41.690] and kids would be like, [11:41.690 --> 11:43.470] hey, this is kind of neat. [11:43.470 --> 11:45.450] These are all the kind of different things that go along [11:45.450 --> 11:47.170] and this is how people fall for it. [11:47.170 --> 11:49.810] I wanna be able to help stop that. [11:49.970 --> 11:53.050] So that's another really neat program that exists. [11:53.050 --> 11:54.370] Next slide, please. [11:56.930 --> 11:59.290] Competitions, next slide. [12:00.790 --> 12:02.950] So Capture the Flags, [12:02.950 --> 12:05.150] I'm sure everyone on this call, [12:05.150 --> 12:08.750] at least in the VR space has probably played [12:08.750 --> 12:12.230] many of Capture the Flag at DEF CON over the years. [12:12.410 --> 12:14.030] But for those unfamiliar, [12:14.030 --> 12:15.450] they're hacking competitions [12:15.450 --> 12:17.990] where you get points and rewards [12:17.990 --> 12:19.890] for finding virtual flags [12:19.890 --> 12:23.610] or solutions to a problem you're tasked to solve. [12:23.610 --> 12:27.370] And these competitions can help teach anyone [12:27.370 --> 12:30.250] about cryptography, web hacking, [12:30.250 --> 12:32.770] networking, how Linux works, [12:32.770 --> 12:34.190] how Windows works, [12:34.190 --> 12:36.290] how you hack a mobile application, [12:36.290 --> 12:38.910] how you hack artificial intelligence, [12:38.910 --> 12:42.010] all sorts of neat computer stuff. 
[12:42.010 --> 12:46.750] And by integrating these competitions into classrooms [12:47.230 --> 12:50.970] or community events or clubs, [12:50.970 --> 12:54.950] you can get youth interested in cybersecurity [12:54.950 --> 12:59.310] by giving them a creative and competitive outlet [12:59.310 --> 13:01.090] to explore in. [13:01.090 --> 13:04.390] It gives them this amazing opportunity [13:04.390 --> 13:07.470] to just try to solve a problem [13:07.470 --> 13:12.310] and get a bunch of points and rewards. [13:13.830 --> 13:17.170] That's also a really great motivation for youth. [13:18.590 --> 13:20.950] But yeah, Capture the Flags are really great [13:20.950 --> 13:23.330] for getting young people in [13:23.330 --> 13:27.270] because of the competitive nature of the activity. [13:27.270 --> 13:28.730] Next slide, please. [13:31.030 --> 13:34.670] Cyberstart America is a specific Capture the Flag [13:35.100 --> 13:37.450] that I've participated in. [13:37.450 --> 13:40.090] It starts out with this gamified experience [13:40.090 --> 13:41.790] where you can learn all about [13:41.790 --> 13:47.490] all sorts of different cybersecurity missions, [13:47.490 --> 13:48.110] if you say. [13:48.110 --> 13:49.510] You can learn about networking. [13:49.510 --> 13:51.550] You can learn how to use Linux. [13:51.550 --> 13:56.510] You can learn how to exploit an SQL vulnerability [13:56.510 --> 13:58.030] in a database. [13:58.030 --> 14:00.590] It covers almost everything. [14:00.590 --> 14:03.010] And then the highest score in this game [14:03.010 --> 14:05.030] that's about six months, [14:05.030 --> 14:08.190] get invited to this 48-hour competition. [14:08.190 --> 14:11.610] It's a Capture the Flag, runs for 48 hours straight. [14:11.610 --> 14:14.370] And it covers web exploitation, [14:14.370 --> 14:17.750] binary exploitation, forensics, networking, [14:17.750 --> 14:20.570] and a bunch of other different challenges. 
[14:20.570 --> 14:23.810] And I did this in spring of 2021 [14:24.530 --> 14:29.490] and placed among the highest in the Capture the Flag. [14:29.490 --> 14:32.910] And I won a GIAC certification attempt [14:33.350 --> 14:35.390] and a college scholarship through it. [14:35.390 --> 14:38.010] So I earned my GFACT, [14:38.010 --> 14:42.250] GIAC Foundational Cybersecurity Technologies certification [14:42.250 --> 14:45.370] through this completely free program. [14:45.370 --> 14:47.290] And so it was a really great opportunity [14:47.290 --> 14:49.510] to learn not just about cybersecurity, [14:49.510 --> 14:53.030] but also the fundamentals that you need to know [14:53.030 --> 14:54.950] to be good at cybersecurity, [14:54.950 --> 14:58.390] such as networking or Linux or programming. [14:58.390 --> 14:59.810] Slide, please. [15:03.390 --> 15:06.050] CyberPatriot, I briefly mentioned earlier, [15:06.050 --> 15:09.330] knowing I was going to come to this slide here, [15:09.330 --> 15:13.990] but it's the nation's largest youth cyber defense competition. [15:14.030 --> 15:15.730] So it's not about hacking, [15:15.730 --> 15:18.890] it's about how do I secure endpoints? [15:18.890 --> 15:24.330] So Windows machines, Ubuntu machines, and Windows servers. [15:24.330 --> 15:26.010] So it's a team competition. [15:26.010 --> 15:27.670] You work in teams of five [15:28.270 --> 15:31.710] and focus on fixing security vulnerabilities [15:31.710 --> 15:35.210] on virtual machines in Windows desktop, [15:35.210 --> 15:37.250] Windows server, and Ubuntu, [15:37.250 --> 15:40.650] but also creating secure networks in Packet Tracer, [15:40.650 --> 15:43.370] which is a Cisco program that allows you [15:43.370 --> 15:46.070] to model how networks run, [15:46.070 --> 15:49.330] and also taking a networking challenge.
[15:49.330 --> 15:54.150] And so there is a special branch [15:54.150 --> 15:57.970] for high schoolers in the ROTC program, [15:57.970 --> 16:02.710] but I competed as part of another program that I was in, [16:02.710 --> 16:07.790] which I will get to later as just a civilian competitor. [16:07.810 --> 16:09.550] And there's a high school program [16:09.550 --> 16:11.230] and a middle school program. [16:11.230 --> 16:14.230] You can do these in person or virtually, [16:14.230 --> 16:16.890] and there's no skill requirements to join. [16:16.890 --> 16:19.850] And students learn so much through these programs [16:19.850 --> 16:22.530] from their coaches and mentors [16:22.530 --> 16:26.330] who are both just adults who are interested in cybersecurity [16:27.190 --> 16:29.370] and want to help kids learn. [16:29.370 --> 16:33.510] So my teams and I placed gold two years in a row, [16:33.510 --> 16:35.850] 2019 and 2020. [16:35.850 --> 16:39.210] It's a really fun experience. [16:39.270 --> 16:43.670] It's long Saturdays of six hours straight of competition, [16:43.670 --> 16:45.490] but it's so fun. [16:45.490 --> 16:47.630] I learned so much through it. [16:47.630 --> 16:50.390] I got my first exposure to Linux through it. [16:50.390 --> 16:54.130] It was really, really an amazing program. [16:54.130 --> 16:55.930] Next slide, please. [16:58.330 --> 17:02.550] So SkillsUSA isn't just a cybersecurity organization. [17:02.550 --> 17:06.550] It's what they call a career technical student organization [17:07.350 --> 17:09.550] where students taking what they call career [17:09.550 --> 17:11.310] and technical education classes, [17:11.310 --> 17:14.130] or basically classes teach you things [17:14.130 --> 17:15.750] that you can use in the workforce, [17:15.750 --> 17:20.190] like woodworking or programming or cybersecurity. 
[17:20.190 --> 17:25.870] And so they have a competition for cybersecurity students, [17:25.870 --> 17:31.390] and it's a two day, eight hours per day, [17:31.390 --> 17:36.830] at least nationally competition where there's 10 steps [17:37.320 --> 17:40.910] and you have to secure networks, secure firewalls, [17:40.910 --> 17:43.890] you have to secure Windows computers, [17:43.890 --> 17:47.210] you have to perform a penetration test on a network, [17:47.210 --> 17:50.150] you have to do some digital forensics, [17:50.150 --> 17:52.210] and you just have to really exhibit [17:52.210 --> 17:54.370] that you know all sorts of things [17:54.370 --> 17:58.310] about networking and cybersecurity through this competition. [17:58.310 --> 18:01.390] And so I've competed in it for two years. [18:01.390 --> 18:07.510] It's a partner competition and have done well both years [18:07.510 --> 18:10.370] and have learned so much from it both years. [18:10.370 --> 18:12.590] But the other thing about SkillsUSA, [18:12.590 --> 18:15.710] which is a program you have to run through a school. [18:15.710 --> 18:18.990] It's a program that a teacher would start, [18:19.650 --> 18:22.830] but you learn about workplace soft skills. [18:22.830 --> 18:24.890] So how do you be professional? [18:24.930 --> 18:28.190] How do you apply for a job or write a resume [18:28.190 --> 18:30.210] or do an interview? [18:30.210 --> 18:33.510] So it integrates all of these other skills [18:33.510 --> 18:36.970] in along with allowing you to get experience [18:36.970 --> 18:38.870] in the cybersecurity realm. [18:38.870 --> 18:40.410] Next slide, please. 
[18:42.840 --> 18:46.660] So Trace Labs, those of you in person at Def Con [18:46.660 --> 18:49.780] or just following all of the Twitter buzz about Def Con [18:49.780 --> 18:52.540] have probably seen some stuff about Trace Labs [18:52.540 --> 18:54.180] in the past week because they're having [18:54.180 --> 18:57.600] their quarterly Capture the Flag competition today. [18:57.800 --> 19:00.160] And it's an open source competition [19:00.940 --> 19:05.120] where competitors and judges kind of team up [19:05.120 --> 19:08.980] to help find open source intelligence [19:08.980 --> 19:12.240] about the whereabouts on missing persons. [19:12.360 --> 19:14.780] And so competitors, whether individually [19:14.780 --> 19:17.440] or in teams, work together. [19:17.620 --> 19:21.260] They have a list of about four to six missing people [19:21.860 --> 19:24.360] and a little bit of starter information. [19:24.360 --> 19:26.020] And they're given four to six hours [19:26.560 --> 19:30.180] to go find as much information about their whereabouts, [19:30.180 --> 19:32.900] their contact information, who they're associated with [19:33.400 --> 19:35.620] and where they may be located. [19:35.980 --> 19:38.300] Then the judges screen these results [19:38.300 --> 19:41.040] and flag the ones that could be helpful [19:41.040 --> 19:44.380] for law enforcement to submit as tips [19:44.380 --> 19:45.920] to help find these people [19:45.920 --> 19:48.220] and reunite them with their families. [19:48.220 --> 19:52.020] So I have judged two times now for Trace Labs. [19:52.020 --> 19:56.160] I won't be judging today as I'm speaking with you all [19:57.240 --> 19:58.480] because it's next. [20:02.640 --> 20:05.700] And judges and contestants have the opportunity [20:05.700 --> 20:09.080] to go through open source intelligence training. [20:09.080 --> 20:11.240] And it's a really great hands-on way [20:11.240 --> 20:15.760] to learn about this specific niche of cybersecurity. 
[20:15.880 --> 20:19.720] So I highly recommend getting involved with Trace Labs [20:19.720 --> 20:21.060] even if you aren't a student [20:21.680 --> 20:25.380] as it does amazing things for the community. [20:25.380 --> 20:27.020] Next slide, please. [20:28.940 --> 20:30.140] Coursework. [20:30.140 --> 20:31.920] Next slide. [20:32.440 --> 20:33.500] Thank you. [20:33.500 --> 20:37.360] So one thing I found is that [20:38.180 --> 20:41.060] in high school, not many high schools [20:41.060 --> 20:43.840] have cybersecurity specific coursework. [20:43.840 --> 20:46.680] So I was lucky enough in that I got to go to a high school [20:46.680 --> 20:48.780] with a computer science program, [20:48.780 --> 20:53.060] but I never had to take a cybersecurity course. [20:53.060 --> 20:56.100] It wasn't even an option for me to take. [20:56.320 --> 20:59.740] And my instructors did an amazing job [20:59.740 --> 21:03.340] of integrating cybersecurity into the curriculum, [21:03.340 --> 21:06.740] but I think it would be insanely helpful [21:07.380 --> 21:09.860] to integrate cybersecurity [21:10.280 --> 21:13.000] and the technical aspects of cybersecurity, [21:13.000 --> 21:16.180] not just digital citizenship, into our high school. [21:16.180 --> 21:19.700] So a program I used a lot for other computer classes [21:19.700 --> 21:21.400] is called TestOut. [21:21.400 --> 21:27.280] It's a certification company that has online virtual labs. [21:27.280 --> 21:31.580] And I have taken and passed three of their certifications. [21:31.580 --> 21:33.660] They have one called PC Pro, [21:33.660 --> 21:35.720] which is all about building PCs [21:35.720 --> 21:38.280] and Windows operating systems. [21:38.280 --> 21:41.560] It basically prepares you for the CompTIA A-plus exam. [21:41.560 --> 21:43.640] I've taken their Network Pro, [21:43.640 --> 21:46.380] which is all about computer networking. [21:46.380 --> 21:49.120] It prepares you for CompTIA's Network Plus.
[21:49.180 --> 21:51.820] And I've taken their Routing and Switching Pro, [21:51.820 --> 21:57.220] which prepares you for the CCNA certification by Cisco. [21:57.220 --> 22:00.420] And so they provide, it's an online sandbox [22:00.420 --> 22:01.640] for students to learn, [22:01.640 --> 22:04.820] and they offer several cybersecurity courses. [22:04.820 --> 22:07.240] And so I think integrating this [22:07.240 --> 22:08.940] into a high school elective class [22:08.940 --> 22:11.680] would be a safe way for the school district, [22:11.680 --> 22:13.360] also a super beneficial way [22:13.360 --> 22:15.960] for youth interested in computers [22:15.960 --> 22:18.420] to learn about cybersecurity. [22:19.220 --> 22:22.460] It's really great that I'll talk about more in depth later [22:22.460 --> 22:24.420] is called TryHackMe. [22:24.420 --> 22:25.800] It's an online sandbox [22:25.800 --> 22:31.860] that allows you to essentially just do these challenges [22:31.860 --> 22:34.920] that teach you not just about hacking, [22:34.920 --> 22:37.240] but defensive security, [22:37.750 --> 22:40.360] physics, how to set up firewalls, [22:40.360 --> 22:42.980] and yes, web hacking, and mobile hacking, [22:42.980 --> 22:46.800] and more of the technical hands-on aspects [22:46.800 --> 22:48.300] of cybersecurity. [22:48.540 --> 22:50.460] And another really great way to integrate this [22:50.460 --> 22:52.880] is through a secured and isolated lab environment [22:52.880 --> 22:55.200] that students have control of. [22:55.200 --> 22:57.040] They get to decide what goes in it, [22:57.040 --> 22:58.900] they get to decide how it's set up, [22:58.900 --> 23:00.540] and they get to implement skills [23:00.540 --> 23:04.720] from a networking course, or a program course, [23:04.720 --> 23:08.760] or PC course on how to best set this up.
[23:08.760 --> 23:12.060] And they also get to integrate skills [23:12.060 --> 23:14.720] on how best to secure that network [23:14.720 --> 23:17.360] and try to bypass those defenses. [23:18.020 --> 23:19.640] Next slide, please. [23:22.200 --> 23:24.300] Outside courses are also really great [23:24.300 --> 23:27.360] for people already kind of itching [23:27.360 --> 23:29.520] with the cybersecurity bug. [23:29.660 --> 23:33.500] I don't know any teenagers that are gonna be like, [23:33.500 --> 23:37.020] I wanna go take a random course on cybersecurity, [23:37.020 --> 23:38.460] I've never heard of it. [23:38.460 --> 23:43.000] There has to be some sort of fun, cool exposure to it [23:43.000 --> 23:44.760] before you get to this point. [23:44.760 --> 23:48.780] But once youth are interested in something, [23:48.780 --> 23:53.380] what I found is they'll do a lot to explore that. [23:53.380 --> 23:56.700] And so there's several resources [23:56.700 --> 23:58.460] where you can take outside courses, [23:58.460 --> 24:01.400] and this is not an all-inclusive list by any means, [24:01.400 --> 24:03.580] but edX and Coursera have a lot [24:03.580 --> 24:05.980] of really general cybersecurity courses, [24:05.980 --> 24:08.580] which is good for someone kind of just starting out [24:08.580 --> 24:09.660] and like, hey, I wanna see [24:09.660 --> 24:11.760] if this is something I'm even interested in. [24:11.760 --> 24:14.540] Do I wanna take a class at my high school on this? [24:14.540 --> 24:17.680] I don't know if I wanna commit to that elective block yet, [24:17.680 --> 24:19.160] I just wanna see. [24:19.300 --> 24:21.540] And TCM Security and Udemy [24:21.540 --> 24:24.040] have more specialized courses on. [24:24.040 --> 24:26.560] Okay, this is how you run a penetration test. [24:26.560 --> 24:30.280] This is how you code malicious scripts in Python. 
[24:30.300 --> 24:33.140] All sorts of niche skills [24:33.140 --> 24:36.480] that professionals and students alike [24:36.480 --> 24:39.820] are trying to learn through these platforms. [24:40.020 --> 24:41.660] Next slide, please. [24:42.860 --> 24:44.640] Concrete experience. [24:44.640 --> 24:45.960] Next slide. [24:46.240 --> 24:47.420] Thanks. [24:47.420 --> 24:49.600] Oh, I promised I'd talk about TryHackMe, [24:49.600 --> 24:51.960] and the time has come for that. [24:52.060 --> 24:58.440] So TryHackMe is unique in that it is a freemium program. [24:58.440 --> 25:01.560] It has a free tier that really has a lot of features, [25:01.560 --> 25:05.760] but also a paid tier that allows you to access modules [25:05.760 --> 25:08.200] that are available in the free tier. [25:08.200 --> 25:12.400] And that tier, I believe, is only like $10 or $15 a month. [25:12.400 --> 25:15.460] So it doesn't require a lot of financial commitment, [25:15.460 --> 25:19.180] and you can also gift this to people. [25:19.180 --> 25:23.460] And it's a really great way for people who don't know how to hack [25:23.460 --> 25:24.940] to learn how to hack. [25:24.940 --> 25:29.820] They have Kali Linux and Parrot Security boxes up in the cloud [25:29.820 --> 25:35.060] that you can use to hack stuff on their website. [25:35.060 --> 25:36.300] It's all set up. [25:36.300 --> 25:40.620] There's a whole virtual private network connected into it. [25:40.620 --> 25:42.340] It's a really neat program.
[25:42.340 --> 25:44.930] And then there are tackle box, which is for, [25:46.210 --> 25:49.110] once you have some of those basic hacking skills [25:49.110 --> 25:52.270] and you want to practice taking over a machine [25:52.270 --> 25:55.870] and using techniques that you've already learned, [25:55.870 --> 25:58.290] it's basically vulnerable machines [25:58.290 --> 26:02.110] that you have to try different techniques to own [26:02.110 --> 26:06.350] or take over the machine and hack it to make it yours. [26:06.410 --> 26:08.250] And so these programs are really great [26:08.250 --> 26:11.290] for helping youth and adults alike [26:11.290 --> 26:12.950] get the hands-on experience [26:12.950 --> 26:16.610] that they need to be successful in cybersecurity. [26:17.130 --> 26:18.650] Next slide, please. [26:19.950 --> 26:21.450] Thank you. [26:21.450 --> 26:26.630] Secure hacking environments are also really neat. [26:26.690 --> 26:30.930] There are many cyber ranges here in the United States [26:30.930 --> 26:35.630] where they have several machines kind of like hack the box, [26:35.630 --> 26:39.970] but you can kind of just do whatever you want on them [26:39.970 --> 26:41.690] because they're isolated. [26:41.710 --> 26:44.010] And you can try a bunch of different techniques [26:44.010 --> 26:47.850] and try to, hey, I tried this, [26:47.850 --> 26:50.370] but I want to see if this will also work. [26:50.390 --> 26:56.910] And there's also, I believe, some isolated online servers, [26:56.910 --> 27:01.230] kind of like there's the vulnerable web application [27:01.230 --> 27:04.550] that you can download locally. [27:04.550 --> 27:08.410] And there's one by Google, it's cheese themed, [27:08.410 --> 27:12.850] where it's intentionally vulnerable. [27:12.910 --> 27:15.650] And your goal is to try to hack it [27:15.650 --> 27:17.770] and just play around [27:17.770 --> 27:20.410] and find all these cool vulnerabilities. 
[27:20.410 --> 27:21.830] Next slide, please. [27:23.890 --> 27:27.570] Homelabs are definitely for more advanced users. [27:27.570 --> 27:30.070] I am still in the process of setting up mine. [27:30.070 --> 27:33.750] It's a long process, but once you get it set up, [27:33.750 --> 27:36.290] I believe it's totally worth it [27:36.290 --> 27:40.550] because it's about creating a model production environment [27:40.550 --> 27:43.670] where you can hack your own stuff, [27:43.670 --> 27:45.170] practice setting up firewalls [27:45.170 --> 27:47.230] and practice bypassing that firewall [27:47.890 --> 27:51.850] or have a bug machine and set up a web server [27:51.850 --> 27:55.430] that you can try to hack stuff through. [27:55.430 --> 27:57.570] And you're not just learning about hacking here, [27:57.570 --> 27:59.270] you're learning about vulnerabilities, [27:59.270 --> 28:02.210] Windows, Linux, virtualization, [28:02.210 --> 28:04.470] blue teaming or defense mechanisms, [28:04.470 --> 28:06.830] red teaming or attack mechanisms, [28:06.830 --> 28:08.650] networking, you know, [28:08.650 --> 28:11.150] how do all these corporate networks work? [28:11.150 --> 28:13.190] How do you set up Linux? [28:13.190 --> 28:17.110] What makes Debian different from Fedora Linux? [28:17.110 --> 28:19.870] It's the way you install applications. [28:19.870 --> 28:22.530] Really, if you want to learn about something with computers, [28:22.570 --> 28:27.410] a homelab is a really amazing way to do that. [28:27.410 --> 28:30.090] It just requires a lot of time on Google [28:30.710 --> 28:33.270] and a lot of experience, [28:33.270 --> 28:36.890] but it's something that I think we need to promote more [28:36.890 --> 28:39.390] to people interested in cybersecurity [28:39.390 --> 28:42.250] because it's really easy to set up [28:42.250 --> 28:44.250] in just some virtual machines. [28:44.250 --> 28:49.110] It can be as big or as small as your computer can manage. 
[28:49.130 --> 28:50.330] Next slide, please. [28:52.630 --> 28:54.030] So bug bounties. [28:54.030 --> 28:58.050] I mentioned that I am a freelance bug bounty hunter. [28:58.130 --> 28:59.770] What I forgot to put in that bio [28:59.770 --> 29:04.230] is I'm also a freelance AI bias bounty hunter. [29:04.370 --> 29:06.930] There was a program that Twitter did last summer [29:06.930 --> 29:10.510] where they had their AI cropping algorithm [29:10.510 --> 29:16.730] and researchers tried to find biases in that program. [29:16.730 --> 29:19.690] And so that was a program on something called HackerOne, [29:19.690 --> 29:23.270] which is a really nice program for beginners [29:23.270 --> 29:26.150] because they have so many things you can hack. [29:26.150 --> 29:31.270] And also you can get invited to private programs really easily. [29:31.270 --> 29:33.370] Bugcrowd is also nice. [29:33.370 --> 29:35.650] Any of these programs are on the screen. [29:35.650 --> 29:38.350] huntr.dev is for open source vulnerabilities, [29:38.350 --> 29:40.350] but basically bug bountying, [29:40.350 --> 29:42.530] there's the incentive of getting paid [29:42.530 --> 29:45.870] for finding a bug in a company, legally hacking them, [29:45.870 --> 29:47.830] and then getting money for it [29:47.830 --> 29:52.630] and learning all about cybersecurity in the process. [29:52.630 --> 29:56.090] And it's just an amazing process. 
[29:56.090 --> 29:59.070] It's very, very frustrating at times, [29:59.070 --> 30:02.150] but once you get the hang of, [30:02.150 --> 30:05.450] and I had to get the hang of, [30:05.450 --> 30:08.350] hacking an actual production environment, [30:08.350 --> 30:12.990] it's a really great way for older youth [30:12.990 --> 30:18.970] to explore their skills and do things ethically, [30:18.970 --> 30:22.950] not just go like, I want to go down Twitter today, [30:22.950 --> 30:25.230] but like, hey, there's a company [30:25.230 --> 30:28.470] that invited me to their private program, [30:28.470 --> 30:31.830] and I want to see if I can find SQL injection vulnerability [30:32.650 --> 30:36.190] on their website and forward it to them. [30:36.950 --> 30:40.370] So I think bug bounty is really neat, [30:40.370 --> 30:42.310] especially for older teenagers [30:42.790 --> 30:45.970] or college students looking to make money, [30:45.970 --> 30:47.370] all that kind of stuff. [30:47.370 --> 30:48.810] Next slide, please. [30:50.990 --> 30:54.070] So X-Ray also mentioned I have contributed [30:54.890 --> 30:56.590] to open source software, [30:56.590 --> 31:00.250] and I think this is really good for the next generation [31:00.250 --> 31:04.330] to do because not only does it teach them how to program [31:04.330 --> 31:09.270] and how GitHub and source code... [31:16.870 --> 31:18.010] I apologize. [31:18.350 --> 31:22.650] Am I still on? [31:22.650 --> 31:27.890] Sorry, my kidney decided to recap for a moment. [31:29.770 --> 31:32.390] Your audio is very, very quiet now. [31:33.250 --> 31:34.730] Microphone is not active. [31:35.610 --> 31:37.170] All right, let me try something. [31:40.150 --> 31:42.030] You need to pick up the microphone. [31:43.330 --> 31:44.830] All right, I will. [31:49.560 --> 31:50.300] Better? [31:51.480 --> 31:53.340] Nope, still the same. [32:00.660 --> 32:02.900] You need to pick up one of the microphones. 
[32:02.900 --> 32:03.940] That'll give you a megaphone, [32:03.940 --> 32:05.940] and then everybody will be able to hear you. [32:06.020 --> 32:07.940] I thought I had one of the microphones. [32:09.020 --> 32:10.800] You accidentally must have dropped it [32:10.800 --> 32:13.320] because I can see them both on the podium there. [32:18.360 --> 32:19.520] How about now? [32:19.520 --> 32:20.380] There you go. [32:21.020 --> 32:21.720] All right, perfect. [32:21.720 --> 32:23.480] Thanks for that help, X-Ray. [32:25.440 --> 32:27.380] Anyways, open source software. [32:28.920 --> 32:32.140] It's really good for our youth to explore [32:32.680 --> 32:35.160] and learn about programming, [32:35.160 --> 32:37.780] but also find vulnerabilities to these projects [32:37.780 --> 32:39.740] and help to patch them. [32:40.520 --> 32:43.900] These maintainers who are working so hard [32:43.900 --> 32:48.520] on all these projects that Google are scared of, [32:48.520 --> 32:51.740] and they may miss something. [32:51.740 --> 32:55.160] And it's really a community of security researchers [32:55.980 --> 33:02.120] in OSS helping to kind of plan for this and fix it [33:02.120 --> 33:04.280] and I think it's a really good place [33:04.280 --> 33:08.840] for youth to serve in this field. [33:08.840 --> 33:12.240] So I created two open source projects, [33:12.240 --> 33:15.480] GeekFest.Linux was a senior project I did, [33:15.480 --> 33:18.640] all about making it a lot easier to build HomeLab [33:18.940 --> 33:24.440] and also a log-forging scanner in December of 2021. [33:25.040 --> 33:27.860] I've contributed to the BeEF project, [33:27.860 --> 33:31.360] which is a web application testing app. [33:31.360 --> 33:33.420] I've contributed to BlackArch Linux. [33:33.420 --> 33:35.400] Yes, I use Arch Linux. [33:35.400 --> 33:36.800] I love it. [33:37.560 --> 33:40.660] And RaspAP, which is an access point [33:40.660 --> 33:44.280] that you can put on a Raspberry Pi. 
[33:45.580 --> 33:50.100] It's a very supportive community of programmers, [33:50.100 --> 33:53.320] security enthusiasts, and just other people. [33:53.320 --> 33:56.020] And there's also a background you can do for open source [33:56.020 --> 33:58.660] on a site called huntr.dev. [33:58.660 --> 34:02.520] So that's also a good resource to look into [34:02.520 --> 34:05.320] when you're talking to youth about getting cybersecurity [34:05.900 --> 34:08.960] and three ways to do it. [34:08.960 --> 34:10.240] Next slide, please. [34:13.080 --> 34:14.600] Certifications. [34:14.880 --> 34:16.140] Next slide. [34:17.320 --> 34:21.200] So cybersecurity certifications are a really great way [34:21.200 --> 34:27.180] to tangibly show what someone knows about you. [34:27.180 --> 34:30.460] Because you can pass a test [34:30.460 --> 34:35.760] or finish 11 online labs successfully. [34:36.060 --> 34:39.080] You clearly know something about that subject. [34:39.080 --> 34:42.480] And it's a really great way for schools [34:42.480 --> 34:45.040] to show off their student knowledge, [34:45.040 --> 34:47.480] but also as a resource for students [34:47.480 --> 34:49.360] learning individually on their own [34:49.800 --> 34:53.940] or for community centers or libraries [34:53.940 --> 34:57.080] to offer sessions for. [34:57.380 --> 35:00.500] And so I think those certifications [35:00.500 --> 35:03.420] that pass a number of formats, [35:03.420 --> 35:06.660] ATA, GIA, MPT, MTA, [35:06.660 --> 35:10.040] all kind of test in a multiple choice format. [35:10.060 --> 35:11.980] I'm going to be taking Security+ here [35:11.980 --> 35:13.500] in the next couple of weeks. [35:13.500 --> 35:18.900] That's a mix of multiple choice and free response, [35:18.900 --> 35:23.400] but kind of like drag and drops or maps. [35:23.940 --> 35:25.800] And then there's TestOut certifications, [35:25.800 --> 35:27.940] which are 100% hands-on. 
[35:30.160 --> 35:32.720] And they're insanely hard to pass, [35:32.720 --> 35:35.220] but it's also insanely rewarding. [35:36.600 --> 35:39.600] So if a student isn't a great taker, [35:39.600 --> 35:42.520] but they're really good at doing hands-on activities, [35:42.520 --> 35:43.860] maybe TestOut certifications [35:43.860 --> 35:46.280] are better for them to show off their knowledge. [35:46.280 --> 35:48.260] But if they're a really good test taker, [35:48.260 --> 35:51.080] maybe they should take something like the ETA ITS [35:51.080 --> 35:54.420] certification or the CompTIA security class. [35:54.420 --> 35:55.740] Next slide, please. [36:05.180 --> 36:08.000] Ready for the next slide, whenever they're done. [36:08.200 --> 36:09.040] There we go. [36:09.040 --> 36:11.740] Conferences, next slide, please. [36:12.360 --> 36:16.120] So why are conferences like this, like DEF CON, [36:16.120 --> 36:19.480] so important to expose youth [36:19.480 --> 36:22.400] who are getting interested inside your security exam? [36:22.400 --> 36:25.820] They can learn new things, do all sorts of fun workshops [36:25.820 --> 36:29.240] like lock picking or capture flag [36:29.240 --> 36:35.140] or a Trace Labs capture the flag or also car hacking. [36:35.140 --> 36:37.780] I believe there's an aviation village at DEF CON. [36:37.780 --> 36:41.060] I'm not in Vegas, so I'm seeing everything that's going on [36:41.380 --> 36:43.380] and it all looks really cool. [36:44.120 --> 36:46.700] And you can learn about all these neat areas [36:46.700 --> 36:48.140] of cybersecurity. [36:48.200 --> 36:51.480] Also network professionals and hobbyists [36:51.480 --> 36:54.520] and enthusiasts like everyone here. [36:54.660 --> 36:57.920] But students can also learn about professionalism, [36:57.920 --> 37:02.300] be a good professional in a professional manner. 
[37:02.300 --> 37:05.460] Also, once they get some knowledge, [37:05.460 --> 37:07.080] practice some public speaking [37:07.660 --> 37:10.760] and get their public speaking skills up to par [37:10.760 --> 37:13.540] and be really good. [37:14.700 --> 37:17.080] And conferences are just a great way [37:17.080 --> 37:20.080] to learn both the soft skills [37:20.080 --> 37:22.920] that are needed in cybersecurity, [37:22.920 --> 37:26.160] but also learn new skills and teach others [37:26.160 --> 37:28.580] about skills that you already have. [37:32.570 --> 37:35.550] Career shadowing, next slide. [37:36.770 --> 37:40.650] Awesome, so a program I was in when I was in high school, [37:40.650 --> 37:42.130] it's called Paradise Valley Women [37:42.130 --> 37:44.430] in Information Technology 84. [37:44.430 --> 37:46.230] I will call it PBWIT for short [37:46.230 --> 37:49.710] because that whole long phrase is very long. [37:49.710 --> 37:53.110] So it's an internship where young women [37:53.110 --> 37:54.950] around my school district came together [37:55.310 --> 37:57.030] to learn about different tech, [37:57.030 --> 37:58.870] such as artificial intelligence, [37:58.870 --> 38:01.530] these things and cybersecurity. [38:02.030 --> 38:03.650] And to learn about these fields, [38:03.650 --> 38:05.970] we did hands-on projects, [38:05.970 --> 38:08.290] communications to district leadership [38:08.290 --> 38:11.310] and other IT leaders around our state. [38:11.310 --> 38:15.190] And we got mentored by our district's IT director [38:15.890 --> 38:17.670] and we had guest speakers come in. [38:17.670 --> 38:19.370] We had an ethical hacker come in [38:19.370 --> 38:23.910] and it was a really great program. [38:24.070 --> 38:27.290] If you are setting up a program similar to this, [38:27.290 --> 38:29.950] it doesn't even have to be in a school district. [38:30.450 --> 38:32.810] It doesn't have to be exclusively for women. 
[38:32.810 --> 38:36.470] It could be for anyone that is interested. [38:36.470 --> 38:38.450] A library or a community center [38:38.450 --> 38:40.250] could set something up like this [38:40.250 --> 38:42.270] that meets during the summer. [38:42.270 --> 38:44.890] It could be part of a summer camp held somewhere [38:45.630 --> 38:47.250] where youths just come together [38:47.250 --> 38:49.690] and learn things collaboratively [38:49.690 --> 38:53.410] in a safe environment and do projects [38:53.410 --> 38:54.770] and present their work [38:54.770 --> 38:57.750] and get mentored by industry professionals. [38:58.110 --> 39:00.030] Next slide, please. [39:02.740 --> 39:05.380] So, I've done a number of security internships [39:05.380 --> 39:07.640] and just to note, [39:07.640 --> 39:11.520] this is not an all-inclusive list [39:11.520 --> 39:13.740] of what security internships are like. [39:13.740 --> 39:16.000] These are just a few I've done [39:16.000 --> 39:18.100] and what my experiences were like. [39:18.100 --> 39:21.120] These can be very different or similar [39:21.620 --> 39:24.580] or anything like that. [39:24.640 --> 39:28.460] During the fall of 2020 and spring of 2021, [39:28.460 --> 39:30.200] I worked at Arizona State University [39:31.040 --> 39:33.100] as an information security intern [39:33.660 --> 39:36.600] with one of my very good friends. [39:36.600 --> 39:38.320] And we worked there for nine months [39:38.960 --> 39:42.220] helping to improve their security review process. [39:42.220 --> 39:44.920] So, when an administrator or professor [39:44.920 --> 39:46.560] wants to add an application [39:47.120 --> 39:48.320] that can be used, [39:48.320 --> 39:51.300] they had to go through this process first. [39:51.440 --> 39:54.100] And that was a really wonderful internship. [39:54.120 --> 39:55.900] And at one point, [39:55.900 --> 39:58.500] we were learning about instant response. 
[39:58.680 --> 40:01.380] This was in December, 2020, [40:01.380 --> 40:03.560] when solar was hit. [40:03.620 --> 40:09.200] And that was one of the biggest issues of all time. [40:09.200 --> 40:12.240] And Chloe and I, my fellow intern, [40:12.240 --> 40:15.340] were kind of thrown into the mix of [40:15.860 --> 40:18.500] this big, giant catastrophe. [40:18.500 --> 40:21.700] And this is where I saw everything going on [40:21.700 --> 40:24.400] and all of the people [40:25.400 --> 40:26.760] rushing to help [40:27.240 --> 40:29.880] and trying to solve these problems. [40:29.880 --> 40:31.040] And I said, [40:31.040 --> 40:33.780] this has nothing to do with the rest of the world. [40:34.300 --> 40:38.300] I want to help cybersecurity. [40:38.300 --> 40:40.300] I want to help prevent these breaches. [40:40.300 --> 40:43.300] I want to help move our society forward [40:43.300 --> 40:47.020] and be safer and more secure for everyone. [40:47.020 --> 40:52.100] And so that ASU internship for me was really instrumental. [40:53.300 --> 40:55.620] Awesome for me on that. [40:55.620 --> 40:57.100] And then after that, [40:57.100 --> 40:59.400] I worked at my school district called PV Schools [41:00.060 --> 41:02.300] for a cybersecurity internship. [41:02.400 --> 41:04.000] I helped manage students. [41:04.000 --> 41:06.400] I helped wipe old computers. [41:06.560 --> 41:09.760] I worked on several data governance initiatives. [41:09.760 --> 41:11.980] I did some customer service, [41:11.980 --> 41:16.220] and I also helped get ready for a cybersecurity audit. [41:17.340 --> 41:19.220] Next slide, please. [41:21.700 --> 41:24.220] After I finished with PV Schools, [41:24.220 --> 41:25.840] I went to Trusona, [41:25.840 --> 41:29.560] and my last day there was actually Monday. 
[41:30.540 --> 41:31.940] But when I was there, [41:31.940 --> 41:35.660] I was a customer success intern for a cybersecurity startup [41:35.660 --> 41:39.480] getting a password in favor of biometric authentication. [41:39.740 --> 41:41.600] I was a member of the team, [41:41.600 --> 41:45.180] and I helped provide a perspective of a younger person [41:45.180 --> 41:47.300] or a teenager, [41:47.300 --> 41:48.580] because let's face it, [41:48.720 --> 41:52.120] a lot of teenagers are not very good with cybersecurity. [41:53.260 --> 41:55.300] I helped make videos and documentation [41:55.300 --> 42:00.300] on how our project integrates with the customers of Trusona. [42:00.300 --> 42:03.000] That was a really wonderful experience. [42:03.000 --> 42:05.480] I met a lot of awesome people there, [42:05.480 --> 42:09.020] and I was just so blessed to have that opportunity. [42:09.800 --> 42:13.440] I grew up in Phoenix Chamber of Commerce. [42:13.500 --> 42:14.920] I did an externship. [42:14.920 --> 42:16.280] It was a two-week experience [42:16.280 --> 42:19.320] where we learned from cybersecurity professionals, [42:19.320 --> 42:22.420] practiced networking and screening skills, [42:22.420 --> 42:28.020] and also created a project with the team and presented that. [42:28.260 --> 42:34.060] And most recently, I've been a bright intelligence intern [42:34.060 --> 42:38.700] for the Arizona Cyber Threat Response Alliance. [42:38.700 --> 42:40.480] I'm a member of the first student group [42:40.480 --> 42:42.400] to go through this training. [42:42.400 --> 42:45.520] I've learned about cybersecurity and threat intelligence [42:45.520 --> 42:48.040] and networked with students and professionals in industry [42:48.660 --> 42:51.060] and created a capstone project. 
[42:51.060 --> 42:55.560] And the other students and I will be the founding members [42:55.560 --> 42:58.480] of a university intelligence club [42:58.480 --> 43:02.520] that focuses on open-source health as a result. [43:03.220 --> 43:04.520] Next slide. [43:08.890 --> 43:12.250] Awesome. College. Next slide. [43:12.690 --> 43:18.290] Look, cybersecurity degrees are very important, in my opinion, [43:18.290 --> 43:21.530] because if you don't gain the knowledge [43:21.530 --> 43:27.330] in an educational setting or just anywhere to be a practitioner, [43:27.330 --> 43:31.230] how are we going to find people with the technical skills to hire? [43:31.310 --> 43:33.550] And what I found from many universities [43:33.550 --> 43:37.070] when I was college hunting was they either didn't have [43:37.210 --> 43:41.590] a cybersecurity degree, only had a cybersecurity minor, [43:41.590 --> 43:45.170] or had what they called a cybersecurity degree, [43:45.170 --> 43:49.590] which focused on auditing, which is helpful, [43:49.590 --> 43:53.550] but our shortage is mainly in the technical ground right now. [43:53.550 --> 43:57.370] I have some statistics on that that I can share later on [43:57.370 --> 43:59.470] if anyone's interested. [43:59.470 --> 44:06.350] So I found it's important that we have a technical cybersecurity degree. [44:06.350 --> 44:12.010] And there's a couple of schools I found that have really good technical programs, [44:12.010 --> 44:14.930] one of which is Grand Canyon University, [44:14.930 --> 44:19.090] that's where I will be attending fall in Phoenix, Arizona. [44:19.090 --> 44:23.290] Another one is Dakota State University in South Dakota. [44:23.350 --> 44:27.170] Both of these have really good technical programs. [44:27.330 --> 44:29.010] And how do we implement them? 
[44:29.010 --> 44:35.610] Well, we need to implement classes that teach forensics or teach ethical hacking [44:36.270 --> 44:41.350] and do all of this in the college space so that college graduates, [44:41.350 --> 44:44.850] once they're out of college, they can take a job that they graduate [44:44.850 --> 44:47.910] and be extremely successful. [44:48.230 --> 44:49.770] Next slide, please. [44:52.060 --> 44:55.560] And another thing that's important is requiring security coursework [44:55.560 --> 44:57.020] in computer science majors. [44:57.020 --> 45:02.500] It shocked me when I learned that three of the top 10 computer science programs [45:02.500 --> 45:06.880] in the United States don't even offer a center-study class. [45:06.880 --> 45:10.340] It's not even an option for people to take. [45:10.460 --> 45:17.680] And I believe there's only a few, I believe it's three of the top 36 degrees [45:17.680 --> 45:21.360] require a cybersecurity course to graduate, [45:21.360 --> 45:26.300] meaning that a vast majority of computer science students, [45:26.300 --> 45:30.500] they don't get any cybersecurity training in college. [45:30.500 --> 45:33.760] And so they're in the workforce and making all these programs. [45:33.980 --> 45:37.700] They don't know how to do it securely. It's just an afterthought. [45:37.880 --> 45:40.520] So how do we do this? I think there's two ways. [45:40.980 --> 45:46.040] I think we can set up a general cybersecurity course in university [45:46.040 --> 45:49.860] that students have to take to graduate in computer programs. [45:49.960 --> 45:53.060] And I think we possibly also add a secure coding course [45:53.060 --> 45:57.440] that students can learn how to be secure in their programming [45:57.440 --> 46:00.480] and how to build programs that are secure [46:00.480 --> 46:07.160] so that we don't have these problems in as many of these fields in the future. [46:07.160 --> 46:08.980] The next slide, please. 
[46:11.360 --> 46:13.600] So what are the takeaways from this? [46:13.600 --> 46:17.020] Obviously, yeah, go back to the takeaways. Thanks. [46:17.900 --> 46:19.000] Thank you. [46:19.240 --> 46:21.300] So what are the takeaways from this? [46:22.280 --> 46:26.420] Essentially, they're not going to be able to do everything I've talked about. [46:26.420 --> 46:31.500] And that's okay, because every little effort makes a huge difference. [46:31.500 --> 46:35.620] So just a reminder that this is just a framework. [46:35.620 --> 46:37.580] It's a possible solution. [46:37.580 --> 46:40.940] I may have some really bad ideas on here, [46:40.940 --> 46:46.760] and there are probably some really good ideas that I left out and I didn't know existed. [46:46.760 --> 46:51.440] This is based on my very limited 18 years of experience in life [46:52.060 --> 46:57.520] and how I see the world and I'm sure there are other really amazing resources [46:57.520 --> 47:02.280] and ways to solve our workforce gap and get youth interested in cybersecurity [47:02.280 --> 47:07.460] that I did not mention, and for that, I'm sorry. [47:07.900 --> 47:14.640] But I'm sure that if we all work together, we can find the best solution for this problem. [47:14.640 --> 47:23.660] I am around to speak to anyone that has questions or just wants some ideas. [47:23.660 --> 47:31.020] I can also refer some other people that I know that are also really good and better than me [47:31.020 --> 47:33.700] at recruiting youth into cybersecurity. [47:34.520 --> 47:39.000] And so now, can you go to the next slide, please? [47:40.420 --> 47:44.060] Thank you so much for coming to my presentation. [47:44.060 --> 47:48.100] Do we have any questions? [47:48.900 --> 47:53.640] And contact information you can find on the screen. [47:55.800 --> 47:57.800] Any questions? [48:05.090 --> 48:07.470] Thanks for the class. [48:08.970 --> 48:10.610] Great talk. [48:11.250 --> 48:12.530] Thank you. 
[48:12.530 --> 48:14.490] Yeah, just more of a comment. [48:14.490 --> 48:19.050] I'm really impressed with your experience, specifically with that age. [48:20.050 --> 48:20.890] Thank you so much. [48:20.890 --> 48:22.330] There's a lot of experience there. [48:22.330 --> 48:23.530] That's awesome. [48:24.810 --> 48:26.550] Yeah, thank you so much. [48:26.550 --> 48:27.270] Great. [48:32.250 --> 48:36.250] And I'll be hanging around the VR space. [48:36.530 --> 48:43.510] If you have any questions, if you're on Twitch and you have questions, you can find my email in my link. [48:44.170 --> 48:46.450] You can email me. [48:47.150 --> 48:48.290] I'm also on Twitter. [48:48.290 --> 48:49.950] You can message me there. [48:49.950 --> 48:51.990] You can message me on LinkedIn. [48:52.430 --> 48:54.510] Just send me a text request. [48:55.690 --> 48:58.010] Relatively soon, I'll probably accept it. [48:58.010 --> 49:06.030] I don't know, but I'll be happy to answer any questions you have. [49:08.130 --> 49:11.310] Thank you all for your time. [49:12.010 --> 49:14.170] I appreciate y'all being here. [49:25.430 --> 49:29.310] Thank you, Meg, Cyber Queen Meg, for an excellent presentation. [49:29.330 --> 49:31.510] There's a lot of useful information in there. [49:31.510 --> 49:37.710] I will probably contact you later to talk about some of this stuff because I'm interested in the same topic. [49:38.570 --> 49:39.750] Everybody hang out. [49:39.750 --> 49:42.610] In about another six minutes, we'll have our next speaker. [49:42.770 --> 49:44.270] So take a break. [49:45.370 --> 49:47.150] Take a bio break, that sort of thing. [49:47.150 --> 49:49.410] And we'll see you back here in about six minutes.