Keynote: Brigadier General Ryan M. Janovic

thanks okay just one more time can everyone hear me okay all right um thank you in the back uh i'm gonna take my mask off i hope you're okay with that thank you for the very kind introduction i didn't realize uh we bored you with a biography in the program i'll never do that to you again uh my name is ryan janovic and i'm really excited to be here uh so mark to you to the entire leadership team joy thanks for helping us get in here for everybody uh besides augusta uh here's what i knew about it they said hey sir will you speak at b-sides absolutely i'm in with not a lot of knowledge of what that

meant uh but i was eager based on who asked me in the fact that it came from the team here at b-sides then they came back and said yeah it's the keynote it's about an hour long well you talking to me who talks for an hour uh maybe i will today maybe i won't we'll see how this goes but uh my memory of uh b-sides right the term for me means perhaps something different i look around i'm i'm of the older crowd in the room right who has 45s at home albums of vinyl right okay so you had the little adapter we know what b-sides are that's not what we're talking about here what happened in vegas didn't stay in

vegas augusta is now the third i understand large organization gathering and i think that speaks volumes not only about you who you are your innovative spirit but it speaks a little bit about the magnetism of augusta there are some good things going on in augusta georgia some great things happening up on fort gordon some great things happening in the community it crosses the river uh so that is why i'm excited uh and uh there are some things that uh that i've learned in the couple years i've been up at fort gordon i'll tell you this i've learned more in the last two years of being here than i did in the first three i was here in 1994 to

97. i didn't leave here in 97 thinking i would be back and i certainly didn't believe i'd be back to witness the growth and explosion of what's happening in augusta georgia in the cyber community and in the work that we all do together both privately academia and in industry as well as the government so today i have a few goals if if i can help open up a day of uh technology innovation discussion you could feel it in the room outside if i can help open that up i'm all for it uh i'll try to do three things well i'll talk a little bit about what i've seen in terms of the growth of what's going

on in cyber general fogerty is my current boss lieutenant general fogarty he was here six years ago as major general fogerty standing up here as a speaker and at that time the cyber branch in the army was one uh one year old by way of example yesterday the army cyber organization celebrated its 11th anniversary so i want to talk a little bit about the change because i think it's important i i want to highlight a little bit of what i've learned leading a technical organization so i'm going to spend a little part in the middle of this discussion today hopefully the meat of the discussion providing you my reflections on what i've learned about leading a technical

organization i grew up as an intelligence officer i'm not suggesting that that is not technical or there weren't hard problems to solve in the intelligence field but i've had to challenge some of my preconceived notions and assumptions about the force that i'm honored to be a part of and lead and i think and i hope that some of those observations have parallels in your world and will hopefully be helpful whether you are new to that organization are charged with leading it have been around it or are new to it and coming from the outside of it and then finally a little bit of a reflection about what's going on in the world if you will the world that we

work in in cyber the threat actors that are our adversaries working against us how they might be doing that and close with some challenges where i think we could use your help in the future closing with those challenges in order to uh suggest that as you go out today and talk deeper more deeply about the technology behind some of that the innovative spirit what hackers are into what what problems are the most vexing that you're going to center around and solve uh maybe some of those things are things we uh the army army cyber could work with you on in the future because i think it's clear to all of us in the room that uh things that are

happening against us are not uh solely isolated against the government are not solely isolated against the private sector and there is certainly bleed over and national security risk associated with all of that so those are my goals i hope to do it in a way that keeps people excited i know some people in the room if one of them falls asleep i won't be surprised it happens to me uh every day of the week with a few of these characters uh that are here i do recognize some other faces i'd be remiss if i didn't suggest that i've also been introduced to people already today who are legends in your field so i arrive very humbled uh to be in the

room uh if i can help kick this thing off i'll be very happy i had to take off some of the bling i was starting to to earn i brought some of my own however so as we move forward here uh participation could get you something in return it's um it's not a trick it's not a recruiting tool there are no reenlistment forms in my bag although uh i do have some in my truck so we could get a lot done if we had to there okay i'm in charge of that here we go can anybody tell me and you can use devices can anybody tell me what any one of those numbers mean relative to

the topic i'm speaking on because i'm sure they could be applied to anything okay all you have to do at this point now is raise your hand and guess yes

okay which number are you choosing

okay so um let's see what i got you can pick between medium and large uh what's that well you can give it away it says r cyber here you go okay anybody else thank you sir i appreciate you having the courage to raise your hand uh i would not have anybody help with that introduction yes sir

if that's true we got a bigger problem than i thought uh he left you with a t-shirt medium coffee mug and it says at the bottom this is an antique it says attack defend exploit army cyber we've changed that a little bit but who doesn't like to exploit um thank you sir how about one more

yes oh do you work in said headquarters okay uh meet me halfway you're gonna get uh the remaining t-shirt and two monster drinks

um the beverage of choice in the building that you rightfully identified yeah well now you can share with a friend um so and i do have locks i brought i'm not sure what that's all about but i have a couple now i know uh we'll pick some locks later uh these numbers speak to me where the where the military where the army where the department of va defense invests its money and builds infrastructure you can see its priorities and in this case what we're talking about 1.6 billion dollars is the investment in the new cyber campus portrayed in those renderings that is being built on fort gordon georgia now if if you're been up there there's a big

crane sitting next to signal tower signal towers was there when i moved on on 1994. i never uh imagined we tried to put a you know military intelligence banner over it and play pranks on it and we wanted to paint the water tower or get rid of the semaphore flags well all that's kind of happening and it's happening because of a significant investment in the cyber center of excellence being at fort gordon georgia when general fogerty spoke here six years ago that vision was coming to life this building that he has recently occupied i'll show you in the next picture right that is coming to life the cyber center of excellence coming to life signal towers

regrettably but necessarily will come down and new will erupt and so there's a lot going on 3 36 we'll talk about 16 000 a year is the number of students that pass through the gates of fort gordon to get trained in cyber and signal that's that's significant throughput so there's a paul kraft running the cyber school as an example teaching the newest formations creating new formations and putting them down at the lowest echelons of our army in addition to those that come fight with us inside of army cyber 10 500 the size of the army cyber organization that's military and civilian about half military half civilian and that's in the military that's across all three what we call compos that's

active duty force national guard and reserve so we're the newest branch in our army but we're growing significantly and then 1.4 million anyone want that one yeah no well no um uh what can i give away i can give you my locks um i owe you something i'll i'll take care of that that is um that's the size of the network we in the army are charged to defend 1.4 million endpoints without mobile devices across five continents significant work and so when i talk about being world class it's not just about buildings there's another building okay and it is premier and it is beautiful which we should expect at 336 million dollars but it is

and it's well equipped as it should be to put in the army's cyber force but it's it's a lot more than that while it is a world-class facility what's in it is world-class talent that we're growing training recruiting sustaining retaining right and that's not easy i think all of us would agree in whatever part of the field you're working in that's not necessarily an easy thing the talent competition is significant how do you attract it well the last word there my argument would be what we have that is powerful is our mission whether it's the size and scope of what we do as evidenced by the 1.4 million endpoints whether it's the fact that was mentioned in the kind

introduction that we can do some things that are otherwise not legal uh that we are doing it in a spectrum so from guys in coat closets forward deployed in a very dusty area i visited them about a month ago we have an expeditionary cyber team when we in the army say expeditionary that means spartan you are not eating well well you're kind of eating well depending on where you go uh but you're living in plywood perhaps you've definitely got a roommate uh you all smell bad your days are long your nights are longer you're away from your family we call that expeditionary so an expeditionary cyber team forward deployed not working in this beautiful facility working in the storage closet

in a forward-deployed location with other people's broken equipment and their little rig doing what we've asked them to do on behalf of the commander on the ground they are just as motivated as the men and women who work in this building because of the mission that we're asked to do and i think that's a powerful powerful thing uh i i can tell another story about why i think that mission is what makes these facilities worth the investment in a room with no windows you would expect us to have rooms with no windows right in a room with no windows during an operation lots of folks in there it smells like i tell this story often it smells like

monster uh it smells like body odor it smells like energy i mean it there's a lot going on in here we are crushing uh on a a live mission and i hear somebody who is well regarded in our force well regarded in the field he is a uh what we would at the time call a junior leader a company great leader but he's been around uh both privately and within the army uh in his work and i hear him utter the words this is the best day of my army career and at the time i didn't know how powerful it was and here's what i now know it was the best day in his army career because we

were asked to do something to take an action that was going to have a significant effect and it was otherwise not going to happen unless we had organized the right talent in the right facility and given them the right mission and said we need you to do this solve this problem and have an effect so to me we're very proud of what's happening up at fort gordon there's a lot happening up there when you think of the army cyber formation there are folks in the room raise your hands come on okay i'm not doing that to isolate you i want to do it because we're we are in this conversation and we have talent we want more talent but if you want to

further understand how you can connect to it i have some ambassadors in the room they're here on their own accord um but i think it would be great uh to further explore what that looks like in practice any questions on uh the numbers thank you for participating in the survey uh that's what's going on uh in these buildings now general paul stanton is running the cyber center of excellence he's doing a lot of great work with innovative things general paul kraft is running the cyber school we are expanding how we're attracting talent we have industry partnerships we'll talk a little bit more about what that looks like uh in the middle part of the discussion we are

doing direct commissioning now we're taking folks right out of uh the the private sector and saying world direct commission you as an officer of cyber we have uh civilian uh summer internships that lead to uh further work in the government service so we're trying to expand and and grow the branch in a meaningful way we're creating more structure and by that that's that's saying we're creating more cyber at echelon so that at the expeditionary level you all know that means you're carrying everything on your back at the expeditionary level to the 336 million dollar building level we are going to have cyber expertise it will take a while to grow but that is underway so there's a lot happening

within the force a lot has happened since we last spoke to this group six years ago okay star wars reference um it's a thing right uh i took off some other references i was given a light to wear and it's by somebody i know and i really wasn't sure what i was wearing um so second part of the conversation five lessons okay those are uh duffel bags duffel bags uh stacked at the national training center which is a very desolate nasty part of the california desert that i had in 2009 2010 training a unit to take them to afghanistan for combat operations i took this picture and this picture says a lot of things to

me often but but what i often think about when i look at it are the people that i was charged with leading and honored to be a part of their team well one of the lessons that i've learned now and i use this to help reflect on it as i discuss it with you today i knew everybody in that unit i should i knew their job i had done most of their jobs or could represent them based on my own experience i knew everything in that bag each bag because we told them what goes in it so i i was asked to train this unit lead them into combat i had to train 12 people

to do one job usually you know there's a formation and there's a there's a a team a squad and you're training them to do a task and it's it's very uh well documented well my lesson in cyber is that that is not true cyber is many things it could be what we call the work rule the task that we give you whether you're an uh an online operator a hacker whether you are a coder a developer whether you're a defender it could be the organization that you're assigned to whether you're offense defense development uh could be doctrine right we're but but that that's kind of what you get from us on our table of organization right our

mtos and it could be what you get uh in position descriptions or or hiring actions right here's what we want you to do and it defines it i i think the power is really though and what the passion of the people happens to be i am into coding i am into hacking i am into network engineering knowing what the passion of the organization is is really powerful it could come down to languages i'm a i'm a r i'm a python guy i'm uh or down to devices right i'm uh uh what do i do i'm unix i'm windows right all that's gonna get talked about across the thing so my epiphany was the the organization in cyber

is going to deliver you some things but it's not going to deliver you everything so so what do you do about that well what i think you do is you take inventory right you you start to identify what what do i have and and for me i had to display something called that my term confident vulnerability i did not grow up as a computer science major i didn't grow up in the world confident vulnerability how to ask questions and listen in a way that allows you to sense what's going on in that organization because i would then argue that the next lesson is hard problems and we like to think in cyber we only solve hard problems

require you to rewrite that org chart right the hierarchy is not going to be important to solving hard problems but yet i would offer cyber is not filled with the most extroverted crowd right so it's not naturally going to resolve itself into people coming across boundaries of the organization or out of you know rooms with no windows into further rooms with no windows or out of collaborative spaces and you know it's it's more in our world we i told you we outfitted the building beautifully everyone has monitors and we can all get on skype chat we can do it's more than open bay space and monitors and and and being able to do uh you know skype chat

with your your friends co-workers um it it's about how do you identify that you have these differences what did you do about the inventory you took and then crushing them together because problem solving people you know pick the lock differently to use the b-sides reference right like they're they're you've got to bring different mindsets together to solve problems so this was my early this is my doodling i'm a doodler i apologize for it often uh there's some people in the room that hate it uh max as you saw he he works with me and he hates it this was my early doodle this was early on in my time as part of the the our

cyber team what am i doing to make sure i'm drawing these folks together because we have hard problems and i can't look at it one way it can't be all the defenders in one room talking about a defensive problem that'll get you nowhere it can't be the developers in a vacuum just developing stuff because they want to which they will naturally do right if you give them some time and some money they'll they'll write code to solve problems that might be interesting but not important right it's great energy but how do you focus that on that hard problem and then how do you tune most importantly and i'll admit we are not here yet we we have not

arrived at the nirvana of once you identify the skills and attributes of each of these people what what makes these types of folks tick what makes a you know a sigan or someone who grew up in the nsa enterprise right doing cigant work well there's a mindset that comes with that what they're analytical in a certain way they they like hard problems but they look at them differently developers hackers defenders right there's this group of things how do you recruit that talent what are the skills and attributes that i'm looking for well how do you then tune what you're doing in recruitment to get that that's a hard challenge and i think that challenge is

not unique to the government how how does any organization recruit identify get the right thing within it so that the inventory becomes more wholesome and more rewarding about the type of diversity of thought diversity of background frankly diversity of experience in one room

and i think i don't know hard problem if you're not doing a hard problem then you're probably not earning your pay right like um there are enough hard problems to solve that easy one should be someone else's work my joke would be that's for the navy but um i understand some of you might be associated with the navy that's your own fault okay so uh obviously a picture i did not take myself my technique am i driving you crazy sir by moving okay uh my technique uh has been long to use pictures i took myself because i know what they represent and i don't run afoul of infringement uh but does anyone and i don't have a prize for you but i'll come

up with one anyone know where this location is scarif who said that oh nice good work okay i owe you something too um uh yes it's scarif so what did what did we do what did i learn about taking that doodle and saying i gotta crush these people together i gotta find a way to make the grassroots of this organization speak to the entirety of the organization well i was in a developer's room with a bunch of here's what when i say developers these are the the guys that we say hey we need something built write a bunch of code that's going to solve this problem and we spend a lot of time putting them

together because the brain trust of a group of developers we believe in the power of this kind of bring them all together and this this coalescence of developers will help us solve problems bigger and there is truth in all of that but you know what else the minute you close the door they might solve a problem that again is only important to them we often would take visitors into the development room and showcase the talent and the brilliance and the capability that we had so i've been through there a lot with visitors i went one time on my own and just said hey guys i'm sorry i only come here when vips are visiting i just came today to hang out

and learn and as i'm learning i went around the room made everyone talk i'm on you know say something sorry i don't want to say anything please say something no sir i'm not going to say anything damn it say something um so you shock him into it and a young guy says i remember a time when we used to talk to the teams and for us the teams are where the magic happens right that's where i told you the story of the guy best day of my army career and he didn't know it when he said it but it was an epiphany for me wait a minute we have an entire organization that's charged with building solutions

that isn't talking to the people that need them he said we used to i remember a time and he was only like 20 right i'm like you remember a time um i remember a time but it it struck a chord with me because i remembered a time when i was 20. uh so we created an organization absolute wrong term we created an idea about i'm gonna put three hours on the calendar once a quarter and we're gonna bring together these developers and we're gonna bring together the teams and we'll put out a call for you know papers and ideas and it's going to be teams and developers talking i'll be there you're not briefing me

i might not say anything i do have a lot of questions but you're just going to talk what are we all doing why are we doing it how can we do it better what's the future look like and so true to form whenever you come up with an idea you know you've got a good idea an army cyber if someone gives it a star wars nickname okay so we gave it a star wars nickname i think somewhat apropos uh if i've got scarif right there were some bad things happening on that island we'd like to think we're doing good things over that planet but uh and it was also i think based on a spelling mistake which i think is

common uh for how we name things in cyber as well um but um but there we are so we gave it a name we've kind of tried to keep it weird when we meet these things we're doing them virtually there's people dressed up like characters and all that is really my way of saying look this is not a boardroom meeting this is not a powerpoint briefing this is it's your event the only reason i'm doing it is because i have the ability to bring you together and to and more importantly i have the ability to listen and elevate your good ideas into this organization and so for me grassroots is where it's at in technical

organizations and and what and and nothing in in your meeting structure typically and this is probably true in and out of government nothing in your meeting structure is going to get after this you've got to find a new way to get after this and and there are cool ways like make an open bar you know make you know feed them well give them monster i think all those things are true but but is the leader of the organization my epiphany am i doing my job to make sure that i'm involved in forcing this to happen because it doesn't naturally happen and and not forcing in a way of authority yep we wear uniforms to work it's mostly

because we don't want to make bad choices in what we would otherwise wear my son told me today when i left he goes you're not cool i'm like okay thanks um so uh you know but but am i doing my job are we creating this i think it must be cultivated that's my lesson and i'm sticking to it and i would stick to it outside of um government as well a good friend of mine uh his name is nate uh he ran end game for a while he's still associated with the company uh we talked about this topic we talked about culture uh and i said you know is this i've been i've visited places where the appearance

of grassroots happens he goes no it's not as easy you're it's not isolated to the government and he had come out of the marine corps so he he had a definite point of comparison so my fourth lesson i did not take this picture although uh some in the room would accuse me of being old enough for black and white photography um the reason i use this picture is because of the camouflage net and uh years ago i read a book called spit-shine syndrome chris basford is a great really he studies and is an expert in clausewitz but he wrote a book about the organizational irrationality of the united states field army there's a lot in there there's a lot of

irrational behavior in the army over time he was focused in a certain period of time but a story that has always resonated with me and i've never forgotten from this book i can almost go to the page and say you know you need to read this chapter inspector goes out to a a unit in the field right how effective is that firing crew how effective is that what's the precision the rate of fire and and how secure are they how mobile are they well one of the questions on the checklist is do they have their camouflage properly erected check yes camouflage is up it looks like it's over the thing well the interesting thing about camouflage these days and

the day of his writing was they have two sides one for winter one for summer but the question was an ask is the right side showing up the question was just asked is it erected yes okay well my point is i think that in the security industry we can get drawn into blind compliance pretty quickly are we doing things yes are we doing them the right way wait you just ask me if i'm doing it right we're good at that right the military's good at creating checklists and having inspections we have a cyber readiness inspection that we conduct i've been through them on the receiving end i've watched us now deploy our experts out to check units and uh you

can get an 80 on that inspection that's a good grade right got me through high school um you can get an 80 um you're still wide open to folks like you so you know this compliance idea to me i i i'm struggling as i look at this team i'm with and i'm like why are we we're worried about are we doing this are we doing that what's the outcome it's all about risk right so we're trying to get to this model of you know compliance and risk and how does that balance itself well i think left to its own devices i know this from my 28 years of experience in the army any bureaucracy by definition and

unfortunately you know we are part of one but any bureaucracy there are great things there are reasons bureaucracies exist but after a while they creep towards compliance they they would tend to do things that way well my lesson is i can't allow that to happen in a cyber formation i still need oversight we're still going to behave ethically we have rules and laws and all those things and that's not what i'm talking about i'm talking about disciplined initiative okay disciplined initiative is an idea in the army that says do you know enough to know when your orders are no longer valid and you're now going to do something different do you know enough to identify

when the conditions have changed when there is a new threat or a new opportunity that you can seize and take advantage of rather than wait to be told do we know enough about what's happening at our our borders with with attacks happening to say well i i'm i'm going to move now laterally and defend here rather than wait hey five days later we were penetrated go clean that up wait a minute i'm seeing something happen again and the work that we were doing there was an operation and a young officer saw something as an opportunity identified it acted i was in the room acted did something the threat had changed and in the world that you operate in i

don't imagine there's ever a day that you could be working in cyberspace and not have the dynamic changing by definition it's changing so rapidly that we need folks to have this idea of discipline initiative what i thought i was going to see i'm not seeing or the the network has changed or this threat actor is moving much much faster what used to be a day or two is now hours right so we want this but it's not necessarily easy to achieve when compliance has its attractive nature and i think compliance is something that exists in and out of the military i can impugn myself from my own experience uh about why you tend towards checklist

driven events but creating this discipline initiative to me is something that i think is going to keep us wholly relevant in the space and what you have to do is rather than scrutinize that action of the young officer you need to reward it was it legal was it moral in fact held by a higher authority assuming the risk i held that person responsible for action but i am going to be accountable for the risk if you do that well right judicious risk taking understanding that creating that force that's what we're working on in army cyber because if we don't we'll be too slow to be relevant in some spaces of cyberspace defense and offense right

okay i have no more prizes to give but does anyone know who that is okay gustavo dudamel he is the conductor at that time of the la philharmonic and uh he was playing the violin up until age 18 and he dropped the violin and started to practice the art of conducting and he was somewhat of a prodigy if you will but he could he he was a master he was hired by the la philharmonic in his 20s and and so please don't take away that i think i'm that guy in the middle with the baton that's not the point of this slide the point of this slide are those musicians in the foreground they are masters because they have

practiced yes indeed and i do think that mastery takes time but i'm not saying that if you conduct 10 000 hours of cyber you will be a master i believe that that mastery has to arrive by understanding it to the point where in the words of nina kohlers who is a she's written on innovation and and mastery has come to speak to parts of the department of defense and said you guys have this wrong it's not about how many times did you do it how well do you understand it we'd like to talk about you know think outside the box she would say no no no you have to understand the box so well that you can reconstruct it

and so the picture to me is is a leader the conductor who understands music so well that he can construct it deconstruct it and reconstruct it and and my observation in a technical force is don't get don't get head faked by rank in the military or seniority in an org chart or uh pay levels whatever that you know whether it's your salary or your parking spot don't get head faked by any of that uh there are there are folks that i work with that i listen to that are sergeants first class right that um i listened to above many many people who the organization would have you well but he's a captain he's a major he's a lieutenant colonel

he's a colonel i don't care bobby knows more than some of those people are ever gonna know about cyber there are people in the room bobby just happens to not be here there's some cute smiles in the back like are you gonna mention me no i'm not uh there are people in the middle who are those people to me you ask around about the people i go to talk to throughout the day it's not about rank i get invited to enough meetings with general fogarty i don't need more of them and and if he watches this on youtube i know why those meetings happen we we have a job to do to run this thing

called army cyber but my point is don't don't allow an organization to head fake what's happening at the grassroots the mastery that might have been built people are now coming into our force that have years of experience in private industry that have vaulted them beyond what we would otherwise spend a couple years training and we need to recognize that and take advantage of it it's hard to do we do some things in the military but paul kraft at the cyber center is trying to open those apertures direct commissioning is a is an idea like that these summer internship programs are ideas like that this discourse right between things happening down at the georgia cyber center this university

across the river university of south carolina besides itself these dialogues we've got to continue to do them because this mastery can't be brought about by ourselves we're experimenting with what it looks like to do training with industry at a more rapid rate to rather than say i'm going to send you to one company for one year why can't i send somebody out to a company and work with private industry for three months on a hard problem get around that you know spider web of talent learn what that looks like in practice and bring that back and help us solve heart problems and continue to do that and i think there's benefits to both sides of that relationship so

uh that's that's what i would like to offer in terms of this thinking outside the box is interesting reconstructing the box is important uh and and my my lesson has been i've got to learn enough about the musicians in the foreground where i can collide them together and and make sure that what we're trying to have as an output sounds a little bit more like symphony and less like you know disconnectedness that's that's the effort so okay that's part two episode three oh yes thank you man um episode three uh three phrases taken from a book so the little footnote that's there that says you know it just says hey i read a book and i thought

wait a minute i want to remember these three words i've i've just recently finished this book now it's not hard to read it's a short book but it's very very interesting the takeaway anybody speak russian persian farsi chinese which one what does it say

yeah it's the three three warfares right so thank you um uh russian up top is uh you know the same idea about active measures in the middle uh persian farsi talking about the guardians of the cleric but all these ideas are about the condition we find ourselves i believe today are that we have some adversaries who think completely different about how to challenge the united states you know we've spent 20 years in and counter terrorism uh there's been some recent reflections upon that there's been recent changes in uh our presence and locations uh associated with that along the way we had some adversaries who were thinking how can i best challenge the united states below the level of armed conflict

how can i make this difficult for them how can i start to get them to maybe question the efficacy of their own democracy how can i do things across a broad range in which cyber is an element it's not the only element in these theories of irregular warfare information warfare chinese include legal warfare so these ideas of our adversaries thinking deeply about how to impact the security and social structure of the united states isn't a new thing and and they're running at a pace that i think we would agree is somewhat daunting and we're thinking through what that means at the same time these are significant well equipped countries but the barrier to entry is

low right that is the radio shack in gardez afghanistan 2011. next to the target which has better hours apparently it's open um but the barrier to entry in cyber is now low it doesn't take much right some of some of our adversaries are not large nation states you don't have to be a large nation state in order to compete or cause disruption in this space and i i some observations from that uh perspective the rate at which uh we are discovering uh uh zero days right that the the oh day numbers 66 in a year is that the is that the statistic uh that we could cite that is that happening uh because we're getting better at

detecting them is that hack happening because there are more deployed are they being chained together to make life more difficult can we react to that what's the speed at which that market is uh having an effect so if you look at that big epiphany the second one is ransomware that that everybody in the room has been affected by the united states recently correct and you among many probably know that all too well in terms of the speed at which that is happening now and their targets yesterday uh night i watched a video uh jenna easterly uh talked a little bit about you know sissa she talked about the organization uh but really if you haven't watched it really really cogent

summary about uh ransomware its impact and what we have to do together publicly and privately in order to remain relevant in that space to counter the impact of it but recently hospital targets you know hit lucrative target sensitive data but the speed i think of interest to those in the room the speed at which those things are happening penetrate establish the beachhead expand laterally persist deploy six hours five hours okay how do you combat that how do we combat that that that is uh that is a significant idea and then the idea of uh for us information uh or attribution of information is what are we doing to make sure we're sharing that and so i think there's been a little bit

of a revolution in that idea between the government and private industry the strong important partnerships that the national security and cybercom have the notifications that are occurring uh because the idea of attribution in this space is becoming all the more important all the more difficult to detect but all the more important so from my vantage point uh the world obviously the pace at which our adversaries are trying to impact us the scope with which they're looking at it whether they are nation state or unknown actor whether they're a criminal or someone who has strategic objectives in mind all those things have changed the landscape and i don't think that's going to slow down at any time soon

so a few things and this is where i'm just going to dangle some of these ideas so then the group here can go get their tech on you can go learn about uh i think there's raspberry pi going on there's uh windows management going on there nando's gonna talk about powershell that'll be awesome there's a lot happening in the future i think these are areas where we will have to continue to work together and collaborate you know a lot of you go to a lot of conferences and you hear talk about ai machine learning we talk about it internal to the department of defense department of the army quite a bit but what does it mean when applied how do we

apply the ideas how are we going to apply it to vulnerability research so that we can get faster what are we going to do with the algorithms of defense so that if all the if if everything's being machine written these days or there's a lot being machine written how how do we apply that to get better at active defense so that our algorithms can be relevant faster and we can have the human mind solving other problems but guide this applied or mi al idea into algorithms with the data scientists that are tuned to the organization to mean relevant that's an area i think we're going to have to stay in partnership with trusted cloud solutions uh clearly there's a dod cloud

strategy uh there's a lot in there in terms of what does that look like who secures the cloud who secures what's going on in the cloud right well somebody might secure the cloud but then when you're in it you've got your own conundrum but what does that look like for us how do you ultimately there's you know in the middle there in the information dominance thing we're always going to be in this privacy and security realm this this transparency versus you know do you lock everything down do you keep it open well there's mysteries about the cloud right just this big open thing well no it's probably uh overly secured in some areas and under another's

information dominance and influence that's a term of art for us right now in the army information dominance information advantage uh but what does it look like you know security of elections there's an example there are actors who are trying to influence the confidence in u.s elections what is that what does that look like is that an information campaign does it involve cyber how are we participating in that what does it mean for social media space what do you trust and not trust how do we get along in that space to make sure that we are remaining uh unified in our idea about protecting the election privacy and security is always in balance and then imposing costs put

in quotes because it is again something we talk about is what are we doing in this uh ecosystem of what an adversary is there's a there's a person there's infrastructure right there's there's ideas there's there's support how do you go after that how do you what parts of that are you going to siphon off to have an effect and how do we together privately publicly think about how are we imposing costs on those that are trying to do us harm so there are some areas that i would uh hope you would all take some time to think about what you can do to help us finally i'm going to leave with this this is a picture of a route clearance

platoon well part of it four young men in this case who were getting their combat action badge standing in front of multi-million dollar vehicles that we use to go out and hunt less than multi-million dollar threats to u.s and allied soldiers called ieds these men and others and women went out on the roads of afghanistan every day doing route clearance why did they do it well they did it because of the person on their left and right or the person who's following in the next convoy all to meet the mission the mission they had was to help protect their brothers and sisters at arms well the mission right i go back to where i started i gave out some t-shirts i gave

out some coffee mugs we talked about billion dollars of investment we talked about beautiful buildings and all that is important the two things that i would argue i hope i tried to convey and conveyed well enough the two difference makers the talent and the mission and again this is not an enlistment speech but we're onto something in army cyber we're attracting the right talent we're growing more we're training it we're trying as i talked about to apply making sure we don't fall victim to the wrong things about organizations and create an atmosphere where the mission will attract the talent will provide them the best weapons platform and will continue to work with all our partners put them

out in industry bring them back have dialogues like this spend days weekends talking about what are we going to do together to make sure that we are more secure doing things at a rate of speed that is relevant and uh having an effect and imposing cost on our adversaries i have six minutes remaining before she throws a football at my head what are your questions

oh he has a question yeah

yes are you in capo two or three okay which one okay oh okay just to be clear the national guard since okay so what his question is if you didn't hear it was um and he admits to the fact that he's asking an inside baseball question i think but he's saying what's going on with uh you know how does my plan fit with uh garden reserve national guard u.s army reserve it's a great and fair question and i should have mentioned it earlier in this case i'll give you an example the example is this underneath the operational control of the organization i work for there is a cyber warfare company of the national guard that is fully around you are you on that

team no yeah yeah they're all up there okay so i'm explaining to you who you are but for the rest of the group so we we brought this team out of doing some incredible work in their civilian jobs right i haven't inventoried the new team they're coming in now there's one currently some of them work within the national security apparatus already some of them do pen testing in real life some of them just sit and do coding because that's a hobby but they're trying to get paid for but more often than not it's this really cool unique assemblage of talent that the army might not otherwise have gotten and they have years of experience they

have a level of mastery that is unique and we call them up to active duty for a year and and we bring this company on and we employ them in our fight and they're doing some amazing work this particular the current company is has been uh the cwc the current cyber warfare company of the national guard has been involved in supporting operations and forward-deployed locations every day for the past year and the the if you talk to them their level of morale about what they're doing through the roof they'll stay at work they you don't have to tell them to stay at work you have to tell them to go home right we've moved them a couple times

they don't care they don't care about the 336 million dollar building they want to operate they want to have an impact they want to contribute and they arrive with such tremendous talent so the strategy is we've got a plan where that's going to happen over time where general fogarty meets with the chief of the reserve and the national guard we're talking about what this looks like in the long term so the takeaway for everyone else in the room other than the people who now work for me is this if you want to connect to us we're not a mystery and if we are that's my fault and i'll fix it but if you want to

join the national guard you can still do your civilian job great you know you'll come together a few times a year and one and we might activate for a year of service with joint force headquarters wonderful if you want to go in the reserves if you want to join active duty if you want to see if you can direct commission if you want to enlist again we're doing that at my truck after this um but but there's opportunity and look if we are a mystery if united states army cyber is a mystery to you by way of example i'm with you by way of example there are some folks in augusta georgia who believe that everyone that lives on

fort gordon and i do that we all live in that big building that you see from bobby jones expressway that is a hospital and we don't all live there um uh so but if we're a mystery uh i'm happy to help solve that so if you want to connect with us if you want to be a part of it if you want to see it more you can also at what is it army cyber or army cyber chief the chief of army cyber paul kraft but we got people who will follow up questions my name is uh ryan janovic and ryan.janovic at gmail and if you can't spell genovic i couldn't for the first 15 years of my

life but it's j-a-n-o-v-i-c if i can help you answer any questions that i didn't answer today i'd be happy to i'm out of time okay thank you very much [Applause]