►
From YouTube: The Grant Street Experience: Sylvia Harris
Description
On this episode of The Grant Street Experience, Grant Ervin and Rebecca Kiernan talk to the the City of Pittsburgh's Chief Information Security Officer Sylvia Harris.
A
Hello
and
welcome
to
the
latest
installment
of
the
grant
street
experience.
I
am
your
host
grant
irvin
chief
resilience
officer
for
the
city
of
pittsburgh.
We
have
a
packed
lineup
here
today.
First,
let
me
introduce
our
co-host
rebecca
kiernan
rebecca
good
morning.
A
So
who've,
who
have
you
found
for
us
today,
who
is
the
special
guest
on
the
grand
street
experience.
C
I'm
I'm
great
and
it's
good
to
be
seen.
I
haven't
seen
you
guys
either
for
a
while.
So
so
it's
good
to
see
you
all.
A
We
just
made
our
way
back
up
to
the
sixth
floor
last
week,
so
it's
you
know
we're
kind
of
milling
around
on
the
other
side
of
the
hallway
there,
so
we'll
start
kind
of
bumping
into
you
guys.
I
think.
A
C
So,
actually
you
know
my
my
my
background
is
in
it
infrastructure,
right
and
so
I've
been
with
the
city
for
13
years
and
for
11
of
those
I
manage
the
the
infrastructure
right.
So,
as
you
remember
from
you
know,
when
you
guys
were
part
of
imp,
I
managed
the
back-end
the
servers,
the
storage
routers
switches,
also,
the
front-end
support
desktop
service
desk
tier
one
database,
email
right,
so
so
pretty
much
everything
that
was
that
was
operations
done
that
for
a
very
long
time.
C
And-
and
you
know,
and
in
that
time
run
the
gamut
of
that-
I
also
have
done
security
right,
but
it
wasn't
like
a
dedicated
full-time
right
now,
sometimes
the
the
the
advantage
with
that
is
because
I
didn't
have
a
full-time,
dedicated
program.
C
Security
had
to
kind
of
be
organic
right,
so
as
we
did
programs
or
projects,
it's
like
okay.
Well,
as
we
think
about
this,
we
have
to
think
about
how
the
security
gets
built
in
with
this
right,
which.
C
Is
very
different
from
traditionally
how
security
has
worked
right,
because,
because
typically
you
know,
and
even
when,
when
the
internet
was
built,
was
not
built
with
security
in
mind
right,
so
it
was
built,
and
then
security
was
kind
of
bolted
on
after
the
fact,
and
we
all
know
that
after
factory
add-ons
are
usually
not
don't
work
as
well.
As
you
know,
if
it
was
if
it
was
planned
alongside
so
you
know,
we
do
have
that.
C
We
do
have
that
going
for
us,
and
so
you
know,
I'm
told
that
people
with
my
background
are
are
the
best
for
roles
of
of
cso
right
because
they
understand
infrastructure
and
they
understand
where
the,
where
the
pain
points
are
right
and-
and
they
also
understand
that
it's
not
a
you
know,
because
a
lot
of
complaints
that
you
hear
about
my
types
are
that
you
know
we
we
get
in
the
way
of
people
wanting
to
do
things
right.
So
we
have
to
use.
A
C
Yes
right,
we
have
to
run
this
past
security
and
they're
going
to
say
no
right
and
of
course,
they're
going
to
say.
No,
because
you
know
hey,
what's
going
on
right
is
scary,
as
heck.
A
C
And
so
you
know
you,
you
really
have
to
kind
of
to
be
to
be
really
successful.
At
this
type
of
thing,
you
have
to
be
able
to
align
yourself
with
the
business
initiatives
and
talk
with
people
and
find
out
what
they're
going
to
do
assess
the
risk
present
that
you
know
you
know
find
out
what
type
of
appetite
you
have
for
risk
and
just
be
able
to
make
things
as
safe
as
you
can
right.
C
You
know
for
the
things
that
that
need
to
be
done
so
so
to
to
sum
up
the
answer
to
your
question.
This
is
a
role.
I
guess
that
that,
from
my
understanding
is
something
that
I
have
been
practicing
for
my
entire
career.
A
Talk
a
little
bit
about,
I
guess
some
of
that
arc,
because
you've
seen
a
lot
in
kind
of
your
career
in
terms
of
just
maybe
focusing
on
the
city.
I
guess
in
just
the
last
10
years
the
the
role
of
both
the
internet
and
digital
government
has
effectively
changed
the
way
that
you
know,
businesses
and
local
governments
are
working.
What
what
does
that
mean?
From
from
your
perspective,.
A
C
Because
the
the
possibilities
are
really
exciting
right
when
you
think
about
some
of
the
things
that
that
can
be
done.
What
I
really
like
is
that
you
know
you
see
the
the
people
take
security
more
seriously
now
and-
and
there
is
a
lot
more
buy-in
right-
I've
I've
seen
you
know
a
lot
of
the
adoption
of
some
of
the
things
that
I've
been
trying
to
do
has
been
great,
not
getting
a
lot
of
pushback
from
people.
C
You
know
they're,
taking
it
very
seriously,
and
they
understand
that
you
know
it's
important
that
we
keep
safe.
You
know,
because
nowadays
you
turn
on
the
news,
and
if
it's
not
the
first,
it's
the
second
story,
there's
been
some
big
security
breach
somewhere
right-
and
you
know
you
just
you
just
don't
want
to
be
in
the
news
if
you
can
help
it
right
and
so,
and
so
it
it
it's
good
that
people
are
taking
it
seriously,
and
I
think
that
that
really
kind
of
has
been
part
of
the
evolution.
C
A
You
know
so
like
the
the
conversation
around
smart
cities
and
sensors
and
all
of
the
you
know
the
push
to
data
right
was,
you
know
you
saw
that,
probably
about
really
maybe
a
decade
ago,
these
the
advent
of
these
technologies
come
along
is
the
malware
and
the
the
problems.
Do
they
happen
concurrently
or
are
they
after
the
fact?
Are
people
scheming?
You
know
beforehand,
they're.
C
Scheming
constantly
right,
you
know
the
the
thought
that
the
bad
guy
is
some
kid
sitting
in
his
mother's
basement.
Wearing
a
hoodie.
It's
not
you
know.
They
are
very
organized
shops,
people
that
go
into
work
every
day,
just
like
you
and
I.
A
C
They're
hands-on,
it's
not
a
bot.
You
know
some
of
these
attacks
are
targeted,
so
it
goes
on
constantly.
You
know
there
are
constant
sprays
trying
to
identify.
You
know
some
vulnerabilities
and
things
like
that.
So
you
know
it's
it's
it's
not
something
that
comes
after
the
fact.
It's
something!
That's
always
it's
always
there
and
that
you
know
kind
of
goes
back
to
the
point
that
you
know
that
I
was
making
in
the
beginning
that
it's
very
helpful
if
you
can
have
security
involved
as
you
build
these
things.
C
B
C
Yeah,
that's
that
that
that's
a
great
question
so
and
you
know,
unfortunately,
a
lot
of
times
we
are
kind
of
behind
the
eight
ball
on
this
right,
because
you
know
you
find
out
about
it
once
it's
happened.
You
know
there
are
some
things
that
you
can
put
in
place
to
to
try
to
help
catch
these
things
before,
but
mostly
you
know.
I
subscribe
to
different
newsletters
security
blogs.
C
You
know
there
is
the
msi
sac,
which
is
the
multi-state
information
sharing
an
analysis
center,
which
is,
you
know,
affiliated
with
the
fbi
and
cesa,
and
so
you
know
they
have.
They
have
this
analysis
center.
They
have
a
sock
or
security
operations
center
that
gathers
all
this
information
and
they
try
to
get
it
out
to
us
as
quickly
as
they
can
once
they
hear
hey.
This
is
happening
or
this
is
expected
and
here's
what
you
can
do
to
to
try
to
mitigate
it
right
now.
C
So
that
means
that
I
get
a
lot
of
information
every
day.
There's
a
lot
to
sort
through,
and
then
I
have
to
figure
out.
Does
this
apply
to
us
right
because
if
they
say
okay
well,
there's
an
impending
attack
on
giraffes?
You
know
I
had
to
throw
giraffes
out
there
for
you
grant.
You
know,
then
then
I
need
to
know.
Do
we
actually
have
giraffes
you
know
does?
Is
that
threat?
You
know
pertinent
to
us
right,
or
is
it
just
something
that
I
file
away
in
case
we
get
a
giraffe
later
right.
A
And,
and
so
that
information
I
mean,
like
you
said
it,
it's
it's
voluminous
right,
it's
it's
coming
constantly
because
there's
always
a
new
evolution
of
a
of
a
new
threat.
I
mean
what
are
some
of
the
things
that
you
know
both,
I
guess
on
the
organization
or
on
the
architecture,
side
that
that
can
help.
You
know
bolster
against
those.
C
Yeah,
that's
that's
the!
That
is
the
question
that
I
needed
to
hear
right.
So
so
I,
if
I
had
to
say
the
most
important
thing
that
you
can
do.
The
most
important
thing
that
you
can
do
is
cyber
security
awareness,
training
right
because
you
know
99
of
these.
These
breaches
that
you've
seen
started
with
somebody
clicked
on
something
that
was
malicious
or
got
socially
engineered.
Somehow
right,
and
so,
if
you
get,
you
know
that
awareness
training
out
there
where
people
recognize
you
know,
look
at
the
url
before
you
click
on
it.
C
It's
probably
not,
but
the
way
that
you
tell
you
know
because
as
these
as
these
threats
evolve,
they
get
more
more
sophisticated
all
the
time
right.
So
you
don't
always
necessarily
have
the
misspellings
and
and
the
bad
grammar,
and
things
like
that.
So
there
are
certain
things
that
you
know
that
we
try
to
train
users
to
look
for
and
to
be
aware
of.
You
know
as
they
go
about
their
you
know
their
day-to-day
duties.
A
What
about
on
the
other
end
too,
I
mean
you
said
like
this:
is
there's
people
getting
up,
go
going
to
work
and
and
are
behind
some
of
these
threats
I
mean:
what's
the
I
mean
not
that
you
know
you're,
you
have
intel
in
the
criminal
mastermind
world
but
like
what
is
what
are
some
of
the
motivations
or
or
why
the
malicious
behavior?
I
guess.
C
C
You
know
it's
it's
it's
about
it's
monetary
right.
A
lot
of
it
is
monetary,
and
you
know
a
lot
of
the
money.
You
know
you
have
these.
These
ransomware
attacks,
where
they
demand
money
and
that
money
goes
to
fund
some
pretty
seedy
things
right.
You
know
terrorists
and
and
human
trafficking,
and
things
like
that
right.
So
so
a
lot
of
it
is
monetary.
C
Some
of
it
is
nation
state.
You
know,
so
you
know
those
kind
of
things.
I
can't
launch
this
war
on
your
shores.
However,
I
can
disrupt.
C
A
And
in
many
cases
you
know
you're
you're,
on
the
front
lines
like
local
governments
are
on
the
front
lines
of
this
behavior.
In
terms
of
I
think
about,
you
know
the
scenarios
in
what
was
baltimore
and
atlanta,
and
you
know
you
saw
them
being
some
of
the
er
cities
being
like
the
early
targets
in
terms
of
some
of
the
you
know,
particularly
like
the
nation
state
activity,
what
what
has
happened
since
some
of
those
events
in
across
the
industry.
I
guess
here
both
domestically
and
abroad.
C
So
I've
seen
a
lot
more
collaboration
right.
You
know,
because
we
see
this
happening
a
lot
and
and
like
I
said
you
know
the
the
msi
sac
types
and
sisa.
You
know
they
they
they
are
kind
of
branching
out
to
not
just
include
government
right,
you
know,
and
and
if
you
remember
we,
we
attended
a
cyborg
right
a
few
years
back
and
we
talked
about.
C
You
know
how
great
it
would
be
if
we
could
stand
up
like
a
collaboration
between
the
government
sector
and
the
private
sector
and
stand
up.
You
know
a
nice
act
like
that
to
to
you
know
because
they're
seeing
those
attacks
too
right,
but
they
don't
necessarily
it
doesn't
necessarily
get
publicized.
I
think
as
much
as
as
as
with
government,
but
it's
it
it
still
does.
So
the
collaboration
is
what
I've
seen.
That's
that's
really
kind
of
key
right.
C
If
you
know
it
happened
to
you-
and
you
know
you
saw
this
and
you
report
it
or
somehow
or
other
we
collaborate
and
talk
about
hey
here's,
what
we
here's,
what
happened?
Here's,
what
we
did,
here's
kind
of
a
playbook.
Maybe
you
can
take
a
look
and
see
maybe
they're
already
in
your
environment.
Maybe
you
can.
You
know
there
are
here,
are
some
things
that
you
could
do
to
mitigate
and
really
just
kind
of
just
like
with
anything
else.
Communication,
communication,
communication
right.
A
You
say
that,
like
just
from
like
the
resilience
point
of
view
like
we
have
seen
more
and
more
and
been
a
part
of
it,
you
know,
through
the
city
of
pittsburgh,
been
a
part
of
these
types
of
city
to
city
collaborations
and
like
the
networking,
the
network
building,
and
how
important
you're
right
on
about
that
like
how
important
it
is
for
cities-
and
you
know,
local
government
professionals,
to
share
this
information
to
help
kind
of
build
capacity,
but
to
also
like
learn
from
failures,
as
well
as
the
successes.
C
You
know,
failure
and-
and
I
kind
of
talked
about
this-
a
little
bit
with
david
finer
right.
We
have
to.
We
really
have
to
redefine
how
we
look
at
failure
right,
because
failure,
failure
really
is
a
is
kind
of
a
fact-finding.
C
C
Is
you
know
when
somebody
you
know
if
you,
if
you've
misplaced,
something
right
and
and
you're
looking
for
it,
and
you
say
it
was
in
the
last
place
that
I
looked
right
or
it's
always
in
the
last
place
that
I
looked
and
she's
like.
Of
course
it's
in
the
last
place,
you
look,
you
found
it.
Why
would.
C
Just
no
right,
but
you
know,
if
you
you
know,
if
you
kind
of
talk
about
you
know,
say
it's
your
keys
right
and
you
misplace
them
and
you
go
to
where,
where
the
last
place,
you
thought
they
were
and
they're
not
there
right.
Then
you
don't
stop
and
go.
Oh,
my
god.
I'm
a
failure.
I
don't
deserve
to
have
a
car,
no
you
just
they
weren't
there
and
you
go
and
you
look
somewhere
else
right
and
then,
if
you
look
there
and
they're
not
there,
then
that's
not
a
two-time
failure.
C
Where
you
really
don't
you
know
you
just
you
keep
looking
and
it's
part
of
process
and
you've
eliminated
the
places
that
right
that
that
they
aren't
until
you
find
them
and
if
we
kind
of
think
about
failure,
you
know
redefine
it
in
a
way
that
you
know,
did
you
fail
or
did
you
learn
something?
Did
you
learn
what
not
to
do
and
how
to
better
refine
that
process?
I
think
you
know
I.
I
think
that
that
would
be
helpful
for
for
a
lot
of
people,
maybe
just
that
kind
of
mindset
boost.
A
It
happens
constantly,
it
happens
every
day
and
every
project
there's
something
that
you
know
slips
up,
doesn't
go
the
way
that
you
thought
it
would
and
you
have
to
go
back
to
the
drawing
board,
re-engineer
it
and
keep
pressing
forward.
Yeah
yeah
rebecca
you
were
a
part
of
a
a
project
that
we
helped
to
lead
with
sylvia
a
couple
years
ago.
I
wanted
to
relive
this
a
little
bit
with
the
100
brazilian
cities
initiative
and
and
our
friends
at
microsoft
through
the
platform
partnership.
A
B
Yeah,
so
we
we
had
an
opportunity
to
get
some
free
technical
services
from
microsoft
who
came
in
and
did
a
this
tabletop
exercise
with
us
and
ran
a
scenario
of
so
this
is
how
I
got
excited
about
cyber
security,
which
I
had
never
thought
about
before,
but
they
ran
a
scenario
of
like
compounding
stressor
events
that
then
led
up
to
so
like
so
to
get
specific
about
it.
There
was
a
if
you
remember
a
couple
years
ago.
B
There
was
this
whole
clown
issue,
so
there
were,
the
police
were
busy
looking
for
clowns,
clown
events,
civil
unrest
and
a
protest
happening
in
oakland
and
then
all
of
a
sudden,
the
city
county
building
had
this
emergency,
where
the
the
city
county
buildings
was
a
gas
leak,
it
was
the
heat
yeah
and
it
had
been
infiltrated
via
a
cyber
security
attack.
B
But
basically,
your
all
of
your
services
are
stressed
with
all
of
these
other
events
and
then
there's
this
big
coordinated
attack
against
a
building,
or
it's
super
interesting
but
yeah
running
through
all
of
those
exercises
and
then
understanding
the
way
that
they
they
specifically
the
communications,
are
done
so
that
you're
not
disclosing
too
much
information.
B
It's
yeah,
it
was
really
fascinating.
I
don't
know
sylvia
if
you
have
any
other.
You
know
thoughts,
thoughts
on
on
on
that
exercise.
C
Yeah,
I
I
thought
it
was
great.
You
know,
because
we
were
able
to
include
other
departments
and
agencies.
You
know
with
it
and
talk
about
you
know,
hey.
Well,
you
have
these
resources.
What
would
you
do
you
know
say
we
didn't?
We
don't
have
a
plan
and
we're
not
in
communication
with
each
other.
What
would
you
do
in
this
instance
right
and
that's
really
kind
of
a
you
know
when
you
talk
about
itil
and
and
some
of
the
guiding
principles,
the
start
where
you
are
right,
so
you
have
a
mobile
command
truck.
C
Where
would
you
put
the
mobile
command
truck
under
these
circumstances?
How
would
you
man
it
you
know,
and
then
that's
kind
of
how
we
start
gathering
some
of
that
information
that
we
can
use
in
the
event
that
you
know
clowns,
start
appearing
from
the
woods
and
there's
a
gas
leak
at
the
same
time
and.
B
I
thought
it
was
really
interesting,
just
in
the
scenario
itself
which
had
been
pulled
from,
I
think
something
that
that
actually
happens
at
microsoft.
I
don't
I
mean
some
of
the
events.
Were
you
know,
compounded
together,
but
the
the
gas
leak
is
something
you
don't.
You
know
in
a
world
that
everything's
changing
to
like
internet
of
things.
You
know
messing
around
with
that
with
that
gas
system.
I
think
you
know
four
years
ago
was
something
that
that
wasn't
really
thought
about
in
terms
of
cyber
security.
It
was
more
about.
C
Right
right
I
mean
you
know
you
you,
when
you
think
about
disasters
and
emergencies,
they
can
run
the
gamut.
I
mean
you
know
it
doesn't
have
to
be
that
the
building
has
become
a
smoking
hole
for
it
to
be.
C
You
know,
for
it
to
be
considered
disastrous
for
us
right
right,
so
yeah
it
was,
but
it
was
great
that
they
had
all
of
those
things
happening
at
one
time,
because
it
kind
of
made
you
think
if
any
one
of
these
scenarios
were
to
happen,
what
would
you
do
and
what
do
you
need
right,
or
how
do
you
think
through
this
type
of
thing?
And
what
do
you
do
if
a
bunch
of
things
all
go
wrong
at
one
time
right?
C
How
do
you
you
know,
because
one
of
the
things
that
we
did
talk
about,
that
a
lot
of
people
don't
think
about
when
you
have
situations
like
that,
a
lot
of
times
you
know
people
their
their
human
nature?
Is
that
you
you're
going
to
be
more
worried
about
your
family
you're
going
to
be
concerned?
You
know
you,
you
may
not
necessarily
be
you
know
your
your
first
thought
might
not
be.
How
do
I
secure
the
you
know
this
your
first
thought
might
be.
C
I
got
to
go
pick
up
my
kids
from
daycare
or
you
know
those
types
of
things.
So
how
do
you
allow
for
for
that
for
the
human
element
as
well?
You
know
when,
when,
when
dealing
with
this
type
of
stuff.
A
It's
it's
super
critical
and
you
know
I
mean
that
that
was
a
tabletop
exercise.
We've
been
going
through
a
a
real
life,
tabletop
exercise
for
the
last
18
months
or
so
I'm
I'm
interested
from
your
perspective.
Could
you
talk
a
little
bit
about
you
know
the
impact
of
the
the
pandemic
on
the
I.t
space
in
the
city,
but
also
I
mean
you
guys
did
some
really
heroic
stuff
in
terms
of
moving
the
city
to
a
virtual
platform
in
literally
hours.
C
Sure
it
is-
and
you
know
this
is
something
that
you
know.
I
mentioned
a
little
bit
earlier
about
itil
right
and
you
know
a
lot
of
those
those
principles
we
kind
of
use
right.
Like
start
where
you
are,
what
kind
of
equipment
do
we
have?
How
can
we
get
this
deployed?
How
do
we
get
people
out
of
here
as
quickly
as
we
can?
And
you
know
everyone-
and
I
don't
know-
and
I
and
I
talk
about
this-
for
anybody
who
will
listen?
C
You
know
the
entire
department
is
itil,
v4
us
trained
and
certified.
This
was
an
effort
that
we
went
through
two
years
ago.
I
do
have
a
case
study.
I
will
send
you
a
copy
of
the
of
the
paper
that
we
did
sorry
about
the
lighting
here.
There's
it's
raining:
cats
and
dogs
outside
and
so-
and
I
was
sitting
here
by
the
front
door.
I
had
to
close
the
door
and
that
was
kind
of
my
lighting,
so.
C
Yeah,
so
it's
not
like
there's
some,
you
know
clown
showed
up
and
so
didn't
want
you
to
think
that
right,
but
yeah,
we
we,
you
know
working
as
a
team.
You
know
we
use
those
principles
to
kind
of
you
know,
because
if
you
recall
there
was
some
challenge
as
far
as
cross
cross
team
collaboration
right
and-
and
so
it
required
a
lot
of
that
for
us
to
be
able
to
to
pull
off
getting
everyone
out
of
there
in
a
timely
fashion
right.
C
So
you
know
I
I
I
attribute
a
lot
of
it
to
the
to
to
the
whole
itil
practice
that
we
have
has
become
part
of
our
dna,
and
you
know
the
heroics
of
the
the
hard
work
of
everyone
in
the
department.
It
took
everybody
in
the
department
to
be
able
to
to
pull
this
off
and-
and
you
know,
kudos
to
all
of
them.
A
Yeah,
it's
amazing,
I
mean,
and
so
I
guess
going
into
that,
like
we
had
that
the
infrastructure
in
place
by
and
large
right
in
terms
of
managing
a
virtual
platform.
Do
we
have
you
know
all
of
the.
I
guess
the
question
I'm
looking
for
is
like
how
did
how
did
it
change
if,
at
all,
in
terms
of
working
from
a
physical
centralized
office
environment
to
being
in
a
distributed
kind
of
virtual
environment.
C
So
we
had
a
lot
of
the
pieces
in
place.
You
know
you're
correct.
We
just
had
to
kind
of
expand
it
quickly
right
as
quickly
as
we
could.
You
know
really
the
biggest
challenge
other
than
like
physically
getting
the
equipment
to
the
users
on
that
door
opened
itself
back
up.
I
don't
know
anyway,
you
know
the
biggest
challenge
you
know,
aside
from
getting
the
the
equipment
to
the
users.
C
Is
you
know
that
was
kind
of
when
we
had
to
step
up
the
cyber
security
awareness
training
right,
because
now
you're
you're
off
site
people
are
using
their
own
computers
right,
they're,
vpning
back
in,
and
so
when
you're
on
prem
I
can.
I
can
help
protect
a
little
bit
better
when
you're
off-site
right
and
you're
using
your
own
equipment.
C
Now
I
have
to
kind
of
train
you
into
you
know,
make
sure
you're
running
windows
updates,
make
sure
you
have
a
good
antivirus
make
sure
you
know
that
you're
you're
doing
the
due
diligence
that
maybe
you
weren't
doing
before,
and
you
certainly
weren't
used
to
doing
it
at
work,
because
we
do
it
for
you
right.
A
C
And
so
you
know,
I
I
you
know,
and,
and
we
do
have
things
you
know
we
have
vpns
and
and-
and
we
have
all
of
that
kind
of
thing-
don't
get
me
wrong.
It's
just
when
you
have
folks
that
are
are
working
from
their
home
machines
and
they're
doing
a
lot
of
that
work
there
in
the
cloud
you
know
keeping
them
from
clicking
on
the
wrong
thing
and
infecting
their
machine.
C
That's
where
that's
kind
of
where
the
challenge
is
right,
because
if
you
bring
your
own
device
in
and
you're
connecting
to
the
network,
then
I'm
gonna
force
certain
things
onto
your
machine
to
make
sure
that
it's.
You
know
that
it's
compliant
with
with
what
it
should
be
interesting,
you're
working
from
home,
right
and
and
it's
your
machine
right
and
and
most
people
when
they're,
using
their
machines,
they're
they're
working
as
an
administrator
right,
terrible
thing
do
not
log
in
as
an
administrator
on
your
own
machine
login
as
a
regular
user.
C
If
you
have
to
install
something
use
that
administrative
credential,
because
most
of
these
most
of
these
malicious
threats
are
able
to
to
spread
across
your
machine
because
you
are
an
administrator
right
and
so
they
get
in
under
your
credentials,
they
have
full
reign
of
everything.
That's
happening
on
your
machine
is.
A
It
a
best
practice
and
not
that
it's
possible
for
everyone,
but,
like
you
know,
to
keep
devices
separate
like
your
work
devices,
personal
devices
home
home
devices
like.
C
Yeah,
if
you,
if
you
can,
if
you
can,
if
you,
if
you
can
do
that,
then
yeah,
that
would
be
a
good
practice
or
or
just
a
separate.
You
know
it
doesn't
have
to
be
a
full
computer.
It
could
be
a
separate
device.
You
know
where
you
could.
You
know
where
you
get
an
ipad
or
something
like
that
where
you
could
use
you
could
connect
through
to
a
virtual
machine
right
where
we
would
where
we
would
be
able
to
separate
what
you're
doing
work
wise
from.
What's
on
your
personal
machine?
A
Right
like
that,
you
can
get
all
your
information
on
multiple
devices
or
you
know,
work
from
your
television
screen
or
you
know
you
have
a
separate
ipad,
a
laptop
whatever,
but
yet
that
is
the
antithesis
to
good
security.
Is
that.
C
Yeah
again,
it's
a
nightmare,
however
great
opportunity,
though
right
I
mean
you
know
the
the
idea
is
information
communications
you
know
being
able
to
to
collaborate
being
able
to
accomplish
your
goal
right
and
and
so
and
and
we
talk
about
right,
the
the
the
days
when
it
was
here-
grant
here's
your
great
pc-
I
think
it's
great
see
ya,
see
you
later
breaks
right
and
you
know
so
and
and-
and
it
might
be
great
to
me
because
I'm
a
tech
person
and
it's
you
know
it's
the
fanciest-
it's
got
the
newest,
you
know
wizzily
bobs
and
all
of
that
kind
of
thing.
C
And
and
what
kind
of
equipment
you
need
and
how
do
you
travel?
Are
you
left-handed?
I
mean
you
know
that
all
of
those
things
never
bothered
to
ask
you
that
I
just
gave
you
the
best
biggest
best
greatest
tech
that
there
is,
and
I
walked
away
with
a
big
smile
on
my
face
because
I
know
you're
gonna
do
fantastic
things
and
you
can't
even
figure
out
how
to
turn
it
on,
because
it
is
so
new
right
that
you
just
wave
your
hand
across
it.
But
I
didn't
mention
that
to
you
as
I
walked
away
in.
A
A
Just
a
quick
story
with
I,
I
have
the
the
microsoft
surface
that
I'm
using
right
now
and
you
know
I
I
had
not
that
I'm
looking
for
help
right
now.
Paul
super
hooked
me
up
but
like
screen
froze
and
I'm
like
you
know,
there's
no
there's
no
control
alt
delete
couldn't
turn
off
like
how
do
you
take
off
the
battery
like
it's
designed
to
be
sleek,
and
you
know.
C
C
Doesn't
mean
we
need
them
or
we
have
a
use
case
for
them
right.
We
need
to.
We
need
to
make
sure
that
we
understand
what
the
business
is
trying
to
do
and
then
we
start
aligning
the
attack
right
and
and-
and
we
did
a
lot
of
that
with
we
call
persona
management
right.
So
we
so
we
went
around
two
different
departments
and-
and
we
kind
of
looked
at
you
know
hey
what
are
you
doing?
What
do
you
need?
C
What
kind
of
you
know
what
kind
of
tech
do
you
need
to
have
and
we've
started
to
build
different
personas
based
on
you,
know
the
departments
and
and
the
different
roles
that
people
have
so
that
we
can
get
a
better
idea
for
what
is
it
that
you
need
and
not
hey?
I
brought
you
the
the
newest,
look,
the
newest
lenovo
yoga,
it
spins
around
360
degrees,
and
you
can
the
pen
pops
out
and
you
can
use
it
as
what
are
you
going
to
do
with
that
right?.
C
Exactly
exactly
ride
horses
and
run
in
the
park,
you
know,
but
is
it
but
is
it
functional
and
does
it
does
it
help
you
to
do
what
it
is
that
you're
trying
to
do.
A
Rebecca
I'll
be
interested
from
your
experience,
not
that
you're
looking
for
any
free
it
advice
from
sylvia,
like
just
as
a
as
a
user
in
the
in
this
virtual
environment.
What's
the
transition
like
been
from
you
for
you
from
going
from,
like
you
know
the
office
environment
to
the
virtual
environment
and
now
starting
to
transition
into
like
a
hybrid
space
like?
What's
your
experience
been
like.
B
I
mean
it's,
it's
been
pretty
smooth,
I
haven't
noticed
a
whole.
There
hasn't
been
a
whole
lot
of
issues
with
the
tech
itself,
but
what
I
have
noticed
is
a
lot
more
emails
that
seem
really
suspicious.
B
Like
what
I
so,
I
got
a
really
sophisticated
one
or
two
of
them,
and
because
it
takes
me
a
long
time
to
respond
to
emails,
I
noticed
them
both
in
the
same
day,
even
though
they
were
sent
separately,
two
emails
with
the
same
wording
that
are
sent
by
allegedly
partners
of
ours,
but
different
people,
and
it
looked
like
someone
once
I
realized
it
was
the
same
letter
and
click
here.
It
looked
like
somebody
had
just
taken
like
the
the
signature
and
screenshot
it
and
stuck
it
into
an
email.
B
So,
like
I
only
didn't
click
on
it,
because
I
noticed
two
of
them
at
the
same
time
and
thought
they
were
strange
with
the
same
heading
so
like
what
sylvia,
what
is
like
the
volume
of
instances
like
that
or
or
of
like
threats
that
you're
seeing
like
on
a
on
a
day-to-day
basis
and
like
what
happens?
If
I
click
on
something
like
that?
Okay,
do
I
ruin
the
entire
city's?
You
know
servers
or
or
whatever
you
could
so.
C
So
to
answer
the
first
question:
we
could
see
hundreds
of
those
in
a
day
we
we,
we
could
see
none
in
a
day
right.
It
depends
it's
a
cycle
right,
and
so
you
know-
and
I
get
a
report
monthly,
I'm
to
say
average.
We
probably
see
150
of
them
in
a
month.
C
There
are
some
weeks
that
we
see
that
much.
You
know
when
it
gets
to
be
around
holidays
and
things
like
that.
You
know
because
people
are
on
vacation
or
out
of
the
office
and
they're
just
kind
of
trying
to
click
through
email
and
get
through
and
they're
really
not
paying
attention
as
much.
C
So
we
can
see
a
lot
of
those.
We
do
have
some
protections
against
some
of
it,
but
there
are
still
some
that
that
that
do
get
through.
So
the
second
question:
what
happens?
If
you
click
on
it,
it
depends
on
what
it
is,
but
it
kind
of
brings
us
back
to
some
of
the
big
ransomwares
and
infiltrations
that
we've
seen
in
the
news
over
the
last
several
months.
C
Most
of
those
were
social
engineering
or
someone
clicked
on
something
that
then
caused
this
this
this
ransomware
to
be
able
to
take
home
wow.
That's
that's
how
those
begin
right,
because
you
click
on
them
and
download
something
to
your
machine
or
you
click
on
it,
and
it
asks
you
to
sign
in
here
right.
Free
ice
cream,
just
put
your
credentials
in
right
who
doesn't
want
free
ice
cream,
and
so
now
they
have
your
credentials
and
then
they
they
use
that
to
log
into
your
account.
C
You
don't
know
that
they've
logged
into
your
account
because
they
have
your
password,
so
your
password
didn't
have
to
get
reset
or
any
of
those
kind
of
things
they
can
set
rules
on
your
mailbox
right,
so
they
set
a
rule
on
your
mailbox
for
every
email
that
comes
in
forward
it
to
bad
guy
yahoo.com
right
and
you
don't
know
that
that's
happening
right.
So
you
know
those
are.
C
Those
are
some
of
the
things
that
that
have
happened,
that
we
have
seen
in
in
blogs
and-
and
you
know
in
our
in
our
travels
with
you,
know-
here's
here's.
What
to
look
for-
and
here
are
the
types
of
things
that
you
might
see-
those
are
the
possibilities
of
of
things
that
can
happen.
A
C
A
Oh
man,
that's
crazy.
What's
I
just
had
a
couple
more
questions
that
just
come
up.
One
is
how
have
you
seen
the
the
needs
of
in
the
skill
sets
of
staffing
change
over
time
in
terms
of
like
you
know,
the
different
capabilities
I
mean
you've
seen
it
in
your
own
career,
in
terms
of
just
where
you
started
and
how
you
kind
of
evolve
and
build
on
it.
But
you
know
in
a
managerial
role.
C
Yeah,
so
you
know
when
we
we
talk
about
the
the
evolution
of
the
tech,
the
tech
guy,
right
or
gal.
You
know
where
I
bring
you
your
machine.
You
know
you
remember,
saturday,
night
live
the
character
that
jimmy
fallon
was
the
computer
guy
move
right,
so
that
I
mean
and
that
pretty
that
pretty
much
was
us
right
or
or
any
I.t
shop
right.
So
you
you
you,
you
can't
be
that
guy
anymore
right,
you
you
have
to.
You,
have
to
have
some
of
the
soft
skills
right
and
by
soft
skills.
C
I
mean
you
know,
communication
being
able
to
write
emails,
collaborate
with
others,
you
know
kind
of
gone.
Are
those
days
of
you
know
the
tech
guys.
You
know
the
the.
I
call
them
the
knuckle
dragging
text
and
I
say
that
affectionately.
C
C
C
You
know
you
can
have
the
same
thing
happening
with
the
backhand
right
and
if
you
have
the
backing
guy,
the
infrastructure,
guys
who
are
building
the
servers
and
the
switches
and
all
of
those
kind
of
things,
but
they
don't
really
know
what's
going
on
out
in
the
field
because
they
never
work
or
talk
with
those
people
right
then
you
know,
then
they
they.
They
have
no
way
of
understanding
if
the
systems
that
they
built
are
actually
producing
the
results
that
are
needed.
A
That's
interesting,
so
it's
become
a
more.
The
I.t
space
is
becoming
an
even
more
dynamic,
a
dynamic
space
not
only
from
a
technology
standpoint
but
from
the
human
interaction
standpoint.
C
Yes,
yes,
absolutely
absolutely,
and
you
know,
if
you
think
about
the
whole
evolution
of
I.t
and
I'm
not
trying
to
date
myself,
you
know
like
I've
been
around
since
iit
was
invented
or
anything
like
that.
But
you
know
when
you
look
at
that
evolution
it
did
it
started
out,
as
here
is
this
device
that
you
can
figure
out
how
to
do
things
with
it
right
now
that
has
evolved
to
what
are
the
things
that
you're
trying
to
do,
and
now
we
can
innovate
by
giving
you
the
tech
to
do
that
right.
Was
there
an
inflection.
A
C
I
I
think
that
I
think
it
was
more
gradual,
but
I,
but
I
think,
where
it
kind
of
it
it
it
kind
of
really
turned
the
corner.
For
me.
I
had
you,
remember
the
old
palm
pilots.
A
C
Okay,
so
I
had
a
palm
pilot
right
and
it
was
like
yes,
this
great
piece
of
tech,
but
you
know
they
would
tell
you.
There
are
certain
things
that
it's
just
not
good
at
right
and
they
would
tell
you
like:
don't
keep
your
recipes
on
it.
Keep
that
you
know
the
the
index
card
recipe,
because
you
know
these
pom-poms,
that's
just
not
the
it's
not
the
best
thing.
You
know,
that's
not
the
best
use
for
it,
and
then
apple
came
along
right
with
the
first
iphone
and
that
is
kind
of
where
it's
like
wow.
C
So
now
you've
got
the
iphone
where
you
can
take
pictures
and
you
can
keep
your
your
recipes.
Not
only
can
you
keep
your
recipes,
you
can
stand
the
phone
up
on
the
stand
while
you're
in
the
kitchen,
and
you
can
cook
while
you're.
You
know,
while
you're
scrolling
and
talking
to
somebody
and
playing
your
music
library
right
and
and
they
didn't
innovate,
I
mean
they
didn't,
create
the
cell
phone
right
and
did
they
really
create
smart
devices?
C
C
They
they
took
that
to
a
whole
new
level,
and-
and
you
know
they
took
two
things
that
already
existed
and
they
and
they
made
it.
They
made
something
that
was
way
more
functionable
functional
right,
and
so
you
don't
have
to
carry
your
walkman
and
your
cell
phone
and
your
book,
your
kindle
and
your
you
know
what
I
mean
you
had.
All
of
those
things
have
been
kind
of
put
together
and
and
from
there
you
know
it
started
to
kind
of
make
me
think
about.
How
can
we
be
more?
C
You
know
lean
and
agile
right,
I'm
going
to
use
those
two
terms,
even
though
you
know
I'm
sure
somebody's
going
to
want
to
hit
me
in
the
head
because
of
them,
but
it
kind
of
makes
you
think
a
little
more
in
those
terms,
and
it
makes
you
think
a
little
bit
more
about,
because
people
always
ask
me,
you
know
I
used
to
always
in
the
day
people
ask
me:
what
kind
of
computers
should
I
buy
right
and
I
would
say
you
know,
for
the
most
part
parts
are
parts
buy
the
one
from
the
company
that
has
the
best
customer
service.
C
A
I'd
be
interested
from
from
both
you.
We
just
got
a
few
minutes
left
here.
What
maybe
I'll
start
with
you
rebecca
like
in
the
you
know,
we've
worked
in
government
and
and
the
term
gov
tech
comes
up
a
lot
or
civic
tech.
I
mean
where
what
do
you
guys
see
as
what's
coming
next,
like
now
that
we've
kind
of
gone
through?
A
You
know
this
this
pandemic
period,
where
we've
we've
gone
from
a
physical
work
environment,
to
a
a
virtual
work
environment,
to
distributed
systems
and
what's
coming
to
come
next,
I
mean
there's
going
to
be
this,
this
molding
of
time
and
space
and
interaction
or
or
even
like
what
are
some
of
the
things
that
we're
going
to
need
in
this
in
this
new
world
that
we're
stepping
into.
A
B
I
mean
I
I
don't
know,
but
I've
I've
thought
a
lot
about
like
what
the
difference
between
or
I
guess
how
the
internet
of
things
is
like
infiltrating.
I
guess
everything
so
like.
B
If
you
you
know,
we've
talked
a
lot
about
smart
cities
and
autonomous
vehicles
and
adding
tech
to
street
lights
like
does
that
all
end
up
becoming
more
of
a
security
threat
than
people
just
driving
on
their
own
goodwill
or
whatever
dmv
class,
because
you're
then
able
to
infiltrate
an
entire
system
as
opposed
to
you
know
one
bad
actor
or
six
bad
actors
in
the
city.
That's
something
that
like
like.
I
don't
get
answers
for
it,
but.
B
We
talk
a
lot
about
like
distributed.
Energy
is
like,
is
you
know
the
way
that
everything
should
be
moving
is
in
distributed
systems
right,
like
you
want
a
smaller
loop
for
your
food
system?
You
want
a
smaller
loop
for
your
energy
system
because
it
reduces
waste.
Why
you
know
is:
is
that
conflicting
with
the
way
we're
starting
to
think
about
mobility
and
transportation
by
having
like
a
centralized
more
of
a
centralized
system
than
like
all
of
those
distributed
actors?
I
don't
know.
C
Yeah,
I
think
you
know
because-
and
we
talked
about
this
several
years
ago
right,
you
know
when
people's
toasters
were
starting
to
get
ip
addresses.
You
know
and,
and
you
have
all
of
these
distributed,
you
know
smart
devices
again
great
opportunity,
nightmare
for
security,
people
right
yeah,.
A
C
Right
and
because
if
you
overthink
it
then
you'll
end
up
not
doing
it,
and
that
and
that's
really
not
the
not
the
way
that
you
want
to
go,
but
I
think
what
we
have
seen
over
the
last
year
and
a
half.
You
know
a
couple
of
a
couple
of
lessons
learned
right,
so
the
things
that
we
were
worrying
about
a
year
and
a
half
ago,
we
were
probably
aren't
worrying
about
them.
C
Now,
right
so,
and
there
are
things
now
that
we
worry
about,
that,
we
weren't
worrying
about
then
right
so
and
and
one
of
the
big
things
that
has
has
come
of
this
is
going
to
be
remote,
work
yeah
right.
That
was,
that
was.
That
was
really
not
as
big
of
a
thing,
and
you
know
there
are
a
lot
of
companies
that
have
given
up
their
work.
Space
or
downsize
moved
into
something.
C
Smaller
people
are
working
from
home,
people
are
working
from,
you
know,
shared
spaces,
those
kind
of
things
and
and
a
lot
of
that
needs
to
be
taken
into
consideration
as
we
think
about
how
we're
moving
forward
with
tech.
You
know-
and
this
was
kind
of
a
conversation
that
you
know
you
and
I
were
talking
about
grant.
You
know
how
much
energy
was
saved
or
or
what's
the
impact
of
people
not
traveling
for
a
year
and
and
some
months
right.
What
did
we
gain
from
that?
C
And
what
could
we
gain
going
forward
if
some
level
of
that
were
to
be
kept
up
or
or
you
know
where
you
know,
how
do
we
capture
metrics
on
that
those
types
of
things
and
and
use
that
to
make
the
next
step
to
move
forward
right?
Because
that's
what
innovation
is
right,
you
you
take
the
data
and
you
take
two
things
that
you
have
and
put
them
together.
A
Yeah
I
mean
it's
interesting
like
through
this
whole,
you
know,
horrible
experience
there
is
going
to
you
know,
originate
out
of
it.
A
number
of
innovations
I
think
which
is
so
fascinating.
A
Just
to
talk
quickly
about,
like
the
you
mentioned
emissions
like
in
2020,
we
did
an
analysis
with
google
that
we'll
we'll
be
posting
soon,
but
20
transportation,
emissions
reduction
in
the
year
2020
because
just
limited,
you
know
folks,
weren't
traveling
by
car
or
bus
or
staying
closer
to
home,
and
then
we
saw
about
a
five
to
seven
percent
decrease
in
in
energy
consumption
too.
A
You
know,
but
there's
also
shifts
and
from
like
the
commercial
market
to
the
residential
market
and
right.
You
know
so
like
there's,
there's
a
rebalancing
in
some
cases
that
are
happening
which
is
fascinating,
so
we're
coming
up
against
time
and
you
know
usually
sylvia
at
the
end
of
the
show.
We
ask
our
our
our
guests
what
they're
reading
listening
and
watching.
A
So
I
want
to
open
that
up
to
you,
but
I
also
want
to
another
demonstration
of
your
resilience
goes
beyond
just
the
I.t
space,
but
you're
also
a
chicago
cubs
fan,
and
so
there's
you
know,
one
of
the
most
resilient
fan
bases
out
there,
maybe
right
behind
the
pittsburgh
pirates.
I
think,
but
I'd
be
interested
in
your
take
on.
You
know
what
what
do
you?
What
are
you
consuming
over
these
summer
months
and
also
your
thoughts
on
the
cubs
and
and
and
how
the
baseball
season's
gone.
C
So
what
I'm
consuming
so
I
you
know,
I
I've
been
reading,
actually
a
lot
of
a
lot
of
different,
a
lot
of
different
books
and
and
and
listening
to
some
some
some
audio
books.
Mostly
you
know,
geeky
stuff,
you
know
security
things
stuff,
like
that,
what
I've
been
watching
the
last
the
what
I'm
binging
right
now
is
one
division.
A
C
Because
I
had
when
it
first
came
out,
I
started
watching
and
I
watched
like
the
first
two
episodes
and
I'm
like
no,
no
I'm
gonna
wait
until
this
is
completely
done
and
then
I'm
gonna
start
it
from
the
beginning
and
and
make
my
way
through
it.
So
that's
what
I'm
I'm
kind
of
halfway
through
that
now.
You
know
the
whole
the
the
the
fact
that
you
know
because
of
the
pandemic.
You
know
everybody's
everybody's
staying
staying
home
that
really
didn't
change.
C
My
tv
habits
a
lot
right,
because
I
still
worked
the
same
amount
of
hours.
Nothing
changed!
You
know
when
I
was
in
the
office,
I
would
work
and
then,
when
I
would
come
home
from
the
office,
I'd
maybe
put
on
some
pajamas
and
then
I'd
go
back
to
work.
So
you
know
it
it
really
hasn't.
You
know
it
really
hasn't
hadn't
changed
my
my
television
watching
or
content
of
you
know
of
other
things.
Now,
as
far
as
the
the
cubs
are
concerned,
we've
got
some
tough
times
coming
up
here.
C
And
then
they
won
and
then
they
lost
again.
So
it
kind
of
looks
like
that
core
from
the
2016
world
series
team
is
probably
going
to
get
broken
up.
So
it's
going
to
be
a
big
challenge
for
cubs
fans
and
let
me
tell
you
why
and
you
talk
about
resilience
right
of
of
of
the
cub
fan
and
I
have
been
a
cub
fan
since
1960
right.
B
C
And
so
back
when
they
were
so
bad,
they
were
so
bad.
You
went
to
drink
and
hoped
that
a
game
would
break
out
right
and
so
and
then
it
was
like
everybody
kind
of
looked
up
and
it's
like
wow
they're
winning
they're.
Looking
you
know
like
there
was
like
a
time
in
the
80s
and
then
it
was
like.
Oh
no
man
that
was
just
an
anomaly
right
and
then
they
became
really
good.
C
They
became
really
good.
They
started
out
by
not
sucking
I
really
like
that.
They
started
out
trying
not
to
suck
right
okay
and
then
they
are
really
good
and
then,
after
that,
when
they
would
do
bad.
It's
like
I
don't
know
how
to
be
mad
at
them
right
because
right
right,
because
they've
always
sucked
right
and
then
they
got
good
and
then
you
were
really
excited
and
then
when
they
got
bad
again,
it
was
kind
of
like
I
don't
know
how
to.
A
C
I
I
think
I'm
mad
and
I
want
to
be,
but
I'm
not
sure
how
to
do
that,
because
that's
never
been
a
thing.
You
know
you
always
just
kind
of
okay,
they're
doing
bad,
we
still
watch
and
we
still
feel
the
stands,
and
we
still
you
know
now.
It's
like
this
is
some
some
kind
of
feeling
that
I've
never
had
before
you.
A
That's
awesome
rebecca.
Do
you
have
anything
kind
of
coming
across
your
desk
that
you're
interested
in
over
the
summer.
B
B
I
don't
know
I
mean
it
kind
of
it
like
looks
at
where,
where
you're
at,
like
it
locationally,
so
it
kind
of
spits
back
what
what
it
thinks
it
is.
I
don't
think
I've
had
anything
like
groundbreakingly
weird.
They.
B
Gotten
anything
that
crazy,
yet
what's
cool,
though,
is
that
they,
so
it
spits
back
what
it
thinks
it
might
be,
based
on
your
picture
and
an
algorithm
and
then
there's
a
bunch
of
experts
on
the
other
end
and
like
within
a
week.
You
know
somebody
else
will
like
verify
it.
Some
expert
will
verify
it
and
like
if
it's
if
it
is
what
you
thought
it
was.
B
A
Awesome
well
well,
thanks,
so
much
rebecca
and
thanks
sylvia
for
being
with
us
today,
and
thanks
for
the
work
you
do
for
the
city
of
pittsburgh.
As
I
said,
you
guys
are
truly
true
heroes
throughout
the
pandemic
and
helping
all
of
us
kind
of
get
through.
You
know
into
this
virtual
new
world
brave
new
virtual
world
that
we're
part
of,
and
so
thanks
for,
all
your
work
and
thanks
for
being
a
guest
today.