►
From YouTube: EDU.SIG DEI Community Office Hours (May 18, 2023)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
A
A
B
B
Well,
I
see
you're
still
connecting
to
to
audio.
B
C
Yeah
I
I
missed
meetings
for
the
open
ssf
last
week
is
the
final,
so
I'm
hoping
to
just
so
in
some
way
get
back
to
it.
You
know
yeah.
B
C
B
C
D
C
I
think
from
previous
open
ssf
talks,
they
talked
about
or
I
think
they
said
that
you
were
you
like,
went
through
your
like
PhD,
or
does
that
accurate.
B
Or
yeah
yeah
I
hold
two
batches
of
Greece,
two
Master
degrees
and
a
PhD
absolutely
so.
C
Tell
me
about
like
kind
of
like
that
story
and
still
staying
in
like
Academia
and
just.
B
Well,
the
the
the
the
bouncing
ball
I,
never
had
a
mentor
or
I
never
knew
anyone.
That
was
attempting
to
do
anything.
I've
done
so
it
was
really
about
a
bouncing
ball.
I
was
in
the
military
and
I
started
learning
about
information
security
in
the
military.
B
You
know
in
the
dod
which,
which
is
the
home
of
information
security.
So
I
I
got
my
bones
there,
but
during
that
time
I
wanted
to
study
something
that
was
going
to
help
me
after
the
military,
because
I
wasn't
sure
how
long
I'd
do
that
for
I
got
to
a
point
where
I
did
plan
on
retiring
and
I
did,
but
but
I
want
to
do
something
that
that
will
get.
That
will
help
me
out
with
employment.
B
So
I
study
software
engineering,
because
that
was
you
know
the
software
was,
you
know
we
would
lose
a
Microsoft.
You
know
we
was
using
Microsoft
stuff
word
office.
You
know
all
office
suite
all
the
the
operating
systems,
Windows
95
and
all
that
kind
of
stuff,
and
then
I
said
well,
let's
learn
how
to
create
some
of
this
stuff.
So
so
that's
what
I
did
while
I
was
in
the
military,
be
surprised
you
as
I,
started
out
as
a
marketing
major,
but
that
was
before
the
military.
B
So
it's
so
software
engineering,
while
I,
was
studying
software
engineering,
I
learned
about
error,
checking
and
error
handling
and
the
importance
of
you
know
hardening
your
code,
the
importance
of
simplifying
and
tightening
up
code
and
tightening
up
inputs
and
and
how
inputs
are
handled
and
everything
else
like
that
and
I
started
learning
about.
Why
that's
important
and
that
started
my
you
know.
I
was
already
doing
information.
Security
I
was
already
doing
operational
security.
B
B
So
the
information
security
ideology
I
already
had
and
then
I
started
learning
about
information
security
as
it
was
related
to
how
programs
and
how
software
gets
developed.
So
I
said
well,
man
is
there
an
information
security
degree
out
there?
And
lo
and
behold
there
was
so
I
began
to
study
information,
security
and
then
I
earned
a
degree
in
that.
B
But
while
I
was
studying
information
security
I
learned
that
information
security
and
definition
is
securing
business
transactions.
So
then
I
started
learned
that
information
security
itself
is
not
a
technique.
It's
not
a
tech
function.
It's
a
business
function,
so
I
said
well,
damn
I,
don't
know
business
well
enough.
B
So
then
I
said
man
I,
better
I,
better
study
business.
But
before
that
I
said
well,
let
me
learn
about
information
security
from
a
managerial
standpoint.
So
then
I
said
well
shortest
path
to
something
is
a
straight
line.
B
So
let
me
go
ahead
and
get
this
Masters
in
information
security,
so
I
did
and
then,
while
I
was
doing
that
it
kept
coming
back
up
business,
business,
business
drivers,
business
function,
business,
risk,
business,
implications
and
I
said:
do
I
need
to
study
business,
so
I
earned
an
MBA
and
so
I
got
an
MBA
and
I.T
management.
B
I
did
that
and
completed
the
PhD
and
then
I
I
had
retired
a
few
years
before
completing
the
pH
that
took
me
a
while,
but
I
retired
out
of
the
military
was
working
at
PWC
at
the
time
completed
the
PHD
and
and
and
and
then
the
rest
is
history,
but
throughout
all
that
time,
I
would
earn
certifications
as
well,
so
I
I
have
about
14
or
I
earned
14
to
15
certifications
over
the
lifetime.
I
mean
I,
I
still
hold
a
few
of
them.
B
I
don't
hold
many
of
them
now
a
lot
of
them.
I
I
let
go
but
I
still
hold
quite
a
few
of
them,
but
I
I
would
study
something
you
know
pass
the
class.
Take
a
certification,
so
I
would
I
would
I.
Would
you
know
it
would
be
how
I
validated
my
learning?
How
I
validated
learned
knowledge
would
be
go
going
to
earned
certification,
but
I
would
be
I
was
working
at
the
same
time.
So
all
throughout
my
military
career
I'd
be
working.
You
know
doing
communication
security
at
that
point.
B
I
had
left
infantry,
you
know,
I
stopped,
jumping
out
of
planes
and
all
that
and
I
was
focused
in
on
no
teaching
either,
whether
it
be
teaching
information,
security,
doing
information,
security,
doing
cryptographic,
stuff
doing
you
know,
communication
security,
stuff,
doing
active
cyber
defense
stuff
and
at
the
same
time
I'd
be
studying
it
and
then
I
would
earn
a
certification
in
it.
So
it'll
be
learn,
practice,
no
learn,
apply,
practice
and
test
right,
evaluate,
learn,
learn,
apply,
practice,
evaluate,
and
that
would
be
the
methodology
I
use
even
to
this
day.
B
I
use
that
methodology,
so
that
that's
so
that
was
that's
the
bouncing
ball
method
that
I'm
talking
about
how
I
got
from
A
to
B
and
then,
of
course,
like
I,
said,
is
still
relevant
to
this
day
as
I
begin
to
work
on
things
like
Ai,
and
you
know:
supply
chain,
security,
Ai
and
supply
chain,
security,
LOL,
s-bombs
and
Vex
documentation-
and
you
know
you
know
every
Every
Which,
whatever
csaf.
B
B
But
the
evaluation
point
now
comes
in
how
we
apply
that
stuff
to
tools
and
and
how
we
apply
the
tools
that
that
are
working
tools
that
our
customers
consume
in
and
how
we
evolve
the
state
of
things
and
then
in
the
industry
today,
so
that
that's
a
that's
a
that's,
a
very
long
story
to
tell
you
how
I
got
from
I
got
from
A
to
B,
which
is
why
I
said
to
you
be
careful
with
saying
you're
you're
done,
because
you
can
continue
on.
C
That's
fair
yeah,
I
I,
when
I
was
earlier
in
my
college,
career
I
had
a
like
a
lofty
Ambitions
for
myself
and
I
was
like
I
was
like
yeah
immediately
after
undergrad
write
to
the
PHD,
but
definitely
I
definitely
am
still
somewhat
interested
in
it,
but
like
for
right
now,
I
think
I
want
to
get
some
some
working
experience
before
I
go
back,
but.
B
And
that's
smart
I,
don't
I
I
would
encourage
everyone
before
you
consider
a
PhD
to
get
some
weight
under
you.
Get
some
app
get
gets,
get
some
get
some
practice
time
with
me.
Get
you
know,
learn
it's
cool
to
say
you
got
a
PhD
until
somebody
runs
up
on
you
and
tests,
your
gangster
and
now
you're
and
now
the
math
ain't,
nothing.
You
know
what
I'm
saying
you
you
don't
want
to
get
caught
like
that.
C
Earlier
you
talked
about
hardening
code
and
kind
of
like
the
importance
of
that.
Have
you
noticed,
like
maybe
like
a
shift
with
organizations
kind
of
being
more
I.
Don't
know
more
more
aware
of
supply
chain
stuff
or
or
is
this
like
still
like
very
new
and
like
we're
still
kind
of
like
in
really
the
the
the
age
before
this
gets
really
big,
because
I
remember
when
I
was
working
a
little
bit
on
Co-op
like
we
were
just
learning
about
s-bombs
and
I?
C
Remember
my
manager
taking
a
look
at
it
just
for
a
little
bit,
but
then
there
were.
There
were
so
many
other
things
that
we
needed
to
do,
because
we
were
a
smaller
team
that
it
kind
of
just
fell
under
the
rug.
And
then
you
know
when
I
started
joining
the
ossf
meetings.
I
saw
it
again
and
I
was
like
oh
okay,
wow,
look
at
that.
Have
you
kind
of
noticed
like
we're
kind
of
at
the
golden
age,
or
not
really
golden
age,
but
a
little
bit
before.
B
I
think
everything
comes
around
full
circle,
so
the
concepts
and
things
that
we're
working
on
today
was
stuff
that
we've
been
told.
We
were
talking
about
10
15
20
years
ago.
B
The
the
only
difference
now
is
it's
becoming
more
prevalent
that
we
that
we
take
that
we
not
just
take
a
look
at
these
things,
but
really
make
it
commonplace
in
how
we
practice
I.
Think
a
large
part
of
the
problem
are
slos
right.
B
These
organizations
have
these
windows,
it's
you
know,
first
to
market
right.
First,
the
market
wins
still
and
as
long
as
that's
the
case,
it's
gonna
be
a
rush
on
development.
It's
gonna
be
a
rush
on
getting
something
out
there.
You
can
always
put
out
later
releases.
You
can
always
put
out
hot
fixes.
You
can
as
long
as
that's
the
case.
As
long
as
you
can
always
put
out
hot
fixes
put
out
subsequent
releases
put
out
patches,
it's
gonna
always
be
get
that
product
out.
B
If
it's
great
it's
great,
if
it's
not
so
great
fine,
that's
okay,
we
can
always
fix
it
later
right
now.
What's
the
difference
between
then
and
now,
the
current
EO,
the
current
executive
order
and
the
subsequent
cyber
security
guidance
that's
been
developed
as
a
result
also
the
emerging,
which
was
again
10
years
ago.
This
was
happening
now,
there's
meat
behind
it,
but
cyber
liability.
What
does
Cyber
liability
actually
mean?
So
now
it's
like
okay,
you
put
that
product
out
now.
B
If
somebody's
organization
gets
taken
down
as
a
result
of
a
product
that
they
consume,
that's
your
product
that
they
consumed
and
it
could
be
traced
back
that
you
didn't
do
your
due
diligence
improperly
hardening
that
code
or
properly
you
know,
or
your
s-bombs
or
whatever
it
is,
doesn't
have
all
the
ingredients
in
it
or
you
have
Vex
documentation
on
your
vdr.
Documentation
has
vulnerabilities
that
weren't
mitigated
properly.
Now
you
not
the
company,
you
can
be
held
liable.
B
Now
the
the
the
the
the
product
producer
can
be
held
liable
now
for
Distributing
and
selling
faulty
products
similar
to
like
a
car.
That's
a
lemon
right.
It
says
you're
a
lemon
and
the
car
doesn't
work.
They
could
be
held
liable.
You
got
to
take
it
back
right
now,
we're
coming
into
an
issue
where
that
producer
can
be
held
liable,
which
now
changes
the
game
completely.
Not
only
do
you
have
to
produce
and
which
is
coming
and
not
currently,
but
coming
so
emerging
producing
s-bomb.
B
That
says
these
are
the
ingredients
and
of
course
we
have
to
determine
what's
going
to
be
publicly
available
and
then
what's
only
available
to
the
actual
consumer
of
said
product
when
it
comes
to
an
s-bomb,
because
you've
got
the
you
got
your
special
sauce
and
your
proprietary
ingredients
inside
of
your
software
that
you
don't
necessarily
want
to
get
out
before
you
know
people
still
making
duplicate.
Now
you
have
a
whole
bunch
of
issues
there,
but
we're
coming
into
an
issue
now
where
the
s-bomb
has
to
be
right
right.
B
What's
and
now
we're
going
to
validate
the
quality
of
that
s-bomb
and
then
you
have
to
have
Vex
documentation.
That
says
whether
there's
a
vulnerability,
there's
a
cve
out
there
against
one
of
your
transitive
dependencies
is
that
dependency
vulnerable
to
that
threat?
And
then
now
is
it
and
then
now
you're
saying?
Well:
no,
it's
not
affected!
B
Well.
Why
is
it
not
effective?
It
says
it's
there,
it's
not
effective
because
of
these
particular
variables
that
have
not
you
know,
because
this
this
patch
or
because
of
the
way
it's
built
over
here
or
the
way
or
this,
this
compiler
or
what
no,
whatever
the
case
is,
makes
it.
So
that's
not
make
sure
that
it's
not
affected.
So
now
you
can
have
that
kind
of
documentation
as
saying
that
which
A's
to
say
well,
we
have
this
ingredients
list
and
this
vulnerability
exploitability
exchange
document
that
says
this
wasn't
affected.
B
We
also
have
this
vulnerability
disclosure
report.
B
There
are
threat
models
created
now
around
the
supply
chain,
there's
more
prevalence
that
there's
more
of
a
of
a
of
a
look
and
feel
around
making
sure
your
inventory,
CID,
CI
CD
pipelines,
making
sure
that
the
pipelines
are
scanned
properly,
making
sure
that
that
there's
sanitization
that
occurs.
You
know
now
we're
going
back
to
the
to
the
quality,
control
and
quality
assurance
aspects
of
software
development
right.
B
So
so
now
we're
going
back
to
to
you
know
your
Q
season,
the
front,
your
qa's
in
the
rear,
right
verification
versus
validation
and
all
that
kind
of
you
know
we're
doing
that
stuff
again
that
stuff
again
right,
you
when's
the
last
time,
you've
seen
an
advertisement
for
a
job
for
a
QA
engineer
that
was
15
years
ago,
but
that's
coming
back
now,
right,
QA
engineering
is
coming
back
where
it
kind
of
went
away
for
a
while.
It's
coming
back
so,
like
I,
said
we're
we're.
B
You
know
things
that
things
are
coming
around
kind
of
full
circle
with
a
few
additions,
but
they're
just
put
in
the
spotlight
now
on
how
things
are
getting
developed
and
the
supply
chain
that
things
are
being
developed
in,
which
is
a
whole
Rhyme
or
Reason.
Behind
things
like
salsa
and
s2c2f
out
of
the
supply
chain,
Integrity
working
group.
C
He
said
salsa
and
S2
c2f.
D
C
Are
there
any
like
certifications
or
kind
of
bits
of
resources?
That
probably
would
be
the
best
to
look
at
for
supply
chain
security.
B
Oh
yeah
LF
has
a
whole
if
you
go
to
LF
training
and
development,
David
will
has
written
a
lot
of
training
materials
if
you
get
into
the
best
practice
that
you
go
up
to
the
best
practices
working
group
riches,
the
working
group
that
this
subcommittee
falls
under.
B
We
have
best
practices,
guides
left
and
right.
If
you
get
into
the
training
and
development
angle
of
things-
and
you
start
looking
at
some
of
those
certifications
they're
in
there's
a
whole
bunch
of
stuff
that
you
could
take
a
look
at
and
really
sink
your
teeth
into
in
terms
of
in
terms
of
coming
up
and
this
this
is
from
an
open
source
development
standpoint.
B
There
are
a
few
certification
bodies
externally
that
do
carry
some
software
stuff
as
well.
I
know
ISC
square
has
one
I'm,
not
sure
I
can't
remember,
which
other
I
think
I'm
not
sure
isaka
has
one
but
I
know
ISC
square
has
one
there's,
maybe
a
few
others
out
there,
but
you
can
look
those
up,
but
there
are
things
out
there
that
are
talking
about
supply
chain
and
of
course,
if
you
go
to
things
like
Microsoft
and
Amazon
and
even
Google
they'll
have
training.
Of
course,
Sarah
has
training
right,
you
get.
B
The
LinkedIn
has
training
right
there,
a
few
a
few
things
out
there,
especially
with
free
training
that
you
can
take
that'll
get
you
get
you
a
foundational
understanding
of
a
lot
of
this
stuff.
I.
C
Think
Google
just
dropped
their
cyber
security,
like
Coursera
thing
so
like
I
know
before
they
had
the
the
support,
like
the
the
tech
support,
one
yeah
and
now
they
have
they've
been
like
finally
have
their
security
one.
So
I'm
definitely
gonna.
Look
at
that.
Yeah.
C
And
did
you
also
attend
the
openssf
North
America?
Well,.
C
How
is
that,
unfortunately,
that
that
was
kind
of
like
when
I
was
finishing?
My
last
final,
so
I
couldn't
couldn't
attend
in
person.
B
Oh,
it's
pretty
good
I
mean
it
was
hell
I
liked
it.
Last
year
this
year
was
pretty
good
a
lot
of
great
speakers
out
a
lot
of
good
information
put
out.
Like
always,
you
do
a
pretty
good
job,
putting
stuff
out.
B
Yeah
they
do
a
pretty
good
job.
Putting
it
out,
it'd
be
great.
We're
always
advocating
at
least
I
am
for
the
college
student
to
attend
to
to
rub
shoulders
with
a
lot
of
people
in
the
industry,
because
it's
you
know
these
are.
These
are
not
only
producers
of
software
but
consumers
of
it
as
well.
B
You
got
your
maintainers,
your
your
open
source,
maintainers
that
attend
as
well,
so
to
get
a
good
idea
of
how
you
get
from
A
to
Z
on
the
maintainer
side,
how
you,
how
you
get
into
some
of
these
organizations
and
some
of
the
things
that
you
look
out
for
and
be
a
great
idea
for
you
guys
to
get
involved,
especially
at
the
Collegiate
level.
I
mean
these
are
all
hell.
B
C
That's
good
to
know:
I'll
tell
I'll
tell
some
people
at
NJIT,
you
know
that's
the
thing
yeah,
because
I
I,
like
one
of
the
one
of
the
new
things
that
we
also
started
at
njt,
was
a
new
cyber
security
club
and
I
was
just
trying
to
like
get
them
into
the
open
ssf
meetings
or
at
least
just
like
attending
some
but
I'm
sure
I'm,
sure,
there's
a
lot
of
other
things,
but
I
don't
know.
Maybe
I'll
push
a
little
harder.
Oh.
B
B
Yeah,
we
absolutely
want
to
help.
We
want
to
help.
We
want
to
get
people
in
front
of
other
people
we
want
to
make.
We
want
to
create
Pathways
to
success,
and
it's
very
important
that
as
you're
starting
your
career,
you're
starting
your
career
with
the
right
foundation
of
you
with
the
right
thought
process
on
how
you're
going
ahead
and
developing
and
and
creating-
and
you
know,
envisioning,
you
know
how
you
take
steps
in
your
career
and
and
the
way
that
you
go
ahead.
I
mean
this.
All
this
stuff
is
increasingly
important.
B
C
The
the
other
thing
that
I
was
also
like
curious
about,
because
I
was
kind
of
totally
about
this,
like
this
issue
was
automation
of
security
like
I'm
not
entirely
sold
on
on
just
the
fact
that,
like
you
can
automate
one
section
and
then
that
section
is
like
completely
like
secure
and
stuff.
C
C
However,
there
were
like
too
many
like
factors
to
to
put
into
play
to
make
it
like
good
automation
and
then,
if
it
was
like
automated
like
well,
there
just
wasn't
like
enough
like
eyes
on
it
or
or
like
I
I,
just
deemed
it
like
to
not
be
like
secure
enough.
How
do
you
like
ameliorate
security
when
it
comes
to
like
Automation
and
automation
when
it
comes
to
security?
C
I
know
these
are
like
pretty
like
abstract
things
that
I
probably
have
not
explained
well,
but
I
was
kind
of
curious
on
your
take
no.
B
B
B
Give
me
give
me
what
you
do
after
you.
After
you've,
you
designed
you've,
you
designed
you've
coded.
What
do
you
do
next.
C
Design
coded
right,
I,
suppose
Implement.
If
it's
not
like
already
implemented.
B
C
C
Static
will
just
kind
of
look
to
see
if
the
output
is
accurate
and
I
would
assume.
Dynamic
is
to
look
kind
of
more
along
the
lines
of
like
hey
when
this
part,
when
this
process
is
running,
are
there
any
like
bugs
in
it.
C
The
tooling
for
static
testing
is
like
pretty
simple
compared
to
the
oneself
dynamic
because
for
the
ones
with
Dynamic
you
need
like
yeah.
You
need
a
sort
of
real
system
to
actually
figure
out.
If
there
is
like
a
bug,
there
can
be
a
bug
that
only
happens
every
so
often
because
of
some
conditions,
but
that's
like
an
inherently
like
difficult
thing
too,
like.
B
Stay
on
the
stay
on
the
stay
on
the
some
conditions,
part
right
stay
on
the
some
conditions,
part
when
I
asked
you
about
the
tooling
with
respect
to
static
versus
Dynamics
they're
on
the
conditions
part
which
conditions
tell
me
when
it
comes
to
conditions
when
you
think
about.
Let's
go
back
to
the
original
question
about
automated
tools.
C
B
B
You
can
do
a
scan,
a
vulnerability,
scan
that
vulnerability
scan
can
say.
That's
you
have
this
vulnerability
available
with
this.
This
thing
is
vulnerable
to
this
cve
or
this
one
because
of
this
phone.
This
version
number
this
none
other.
You
have
to
turn
around
and
say.
Okay,
let
me
make
sure
how
do
you
make
sure
you
must
manually
now
test
that?
B
With
that
vulnerability,
do
you
use
the
piece
of
automation
to
just
to
say
that
this
our
environment
is
now
secured,
or
we've
done
this
automation?
That's
now
secure
now
you
didn't
have
to
go
ahead
and
manually
test
to
make
sure,
especially
if
you
have
a
concern.
There
are
some
items
that
you
can
say.
Oh
no
I
applied
this
tool
and
yes,
I
can
guarantee
after
I
apply
this
tool
it's
secure,
but
then
there
are
some
conditions
that
say
that
an
automated
tool
to
secure
it
is
not
going
to
be
sufficient.
C
So
do
you
think,
like
potential
potentially
a
way
to
ameliorate
the
the
insufficientness
of
like
automation?
Do
you
think
that's
where
kind
of
AI
is
going
to
make
sure
either
or
kind
of
where
are
you
with
AI
I
know,
like
some
people
are
on
the
fence
that,
like
hey.
B
Actually,
I
think
it's
the
exact
opposite,
interesting
I
think
it's
the
exact
opposite
I
think
AI
is
going
to
do
a
great
job
in
the
front,
but
I
think
that
we
always
need
to
make
sure,
because
it
goes
the
thing
that
you
have
to
remember
about
AI
so
but
in
logical
nature
of
a
logical
engine,
and
this
is
something
that
I
say.
B
Not
many
people
will
say
this
for
me
as
long
as
it's
a
human
being
right
in
the
code
right
in
the
code
in
that
long
large
language
model
you're
at
the
logic
and
the
algorithm
is
at
the
logic
and
at
the
it's
it's
it's
as
logical
as
the
person
encoding
it
at
the
time
and
any
learned
information
based
on
that
algorithm
is
as
fallible.
That's
me
saying
this.
That's
me
thinking
out
loud
about
this.
That
being
the
case,
you
can
have
an
AI.
B
B
The
cost
to
mitigate
is
less
then
bye
and
I'm
and
I'm
I'm
gonna,
say
a
factor
of
10,
maybe
I
don't
know,
but
different
companies
have
different
thresholds,
but
let's
say
the
cost
to
mitigate.
It
is
five
dollars
or
twenty
dollars
and
you
end
up
losing
a
hundred
dollars
in
Revenue
or
you
cannot
mitigate
it
and
gain
a
thousand
dollars
in
Revenue,
but
you're
still
vulnerable.
So
now,
you're
saying
well
hell
we'll
take
the
loss,
because
our
gain
is
a
lot
more
right.
These
are.
These
are
business
reasons.
B
These
are
business
thoughts
right,
but
what
happens
if
the
AI
Engineers
program
to
think
that
way
and
now
they're
making
that
decision
around
things
universally
across
the
board
and
it's
not
differentiating
between
one
thing
or
the
other,
because
logic
in
logic
out
right,
so
so
so
I'm
not
saying
this
is
forever
too
I
mean
I.
Think
there
might
be
advancements
in
the
way
that
these
large
language
models
are
going
about.
Creating
these
these
AI
engines
and
the
AI
engines
are
evolving
evolving
evolving
over
time.
B
I'm
saying
way
in
the
beginning,
there
does
need
to
be
once
again
a
human
element.
Even
if
you
walk
by
a
door
and
you
hit
a
button
and
the
door
locks,
you
should
still
turn
around
and
pull
on
that
damn
door
to
make
sure
it's
blocked
hell
I.
Do
it
in
my
house,
I
use
my
key
I
put
my
key
in
the
lock,
lock,
lock
I
then
pull
I
squeeze
I
I
turn
the
handle
to
see
if
the
handle
turns
and
then
I
pull
the
door.
E
C
Okay,
that
was
that
was
like
pretty
insightful
with
the
AI.
That's
kind
of.
B
Oh,
like
I,
said
I'm,
the
only
look
I
did
not
many
people,
you
know
some
are
gonna.
Some
are
gonna.
You
know
like
I,
said
logic
in
logic
out
man.
Some
some
of
them
are
going
to
say
no
AI
is
you
know,
they're
gonna
put
their
Rhyme
or
Reason
behind
the
Sun,
not
all
some
you're
gonna
put
their
Rhyme
or
Reason
behind
it,
and
I
am
not
the
one.
My
mom
I'm,
not
I'm,
not
a
skeptic
I,
do
believe.
B
I
do
believe
in
in
in
Ai
and
I
do
believe
in
the
in
the
power
of
AI
and
and
the
viability,
and
also
the
God,
the
the
the
the
the
the
the
path
to
the
Future,
a
great
future.
That
AI
creates.
If
it's
used
correctly,
if
it's
developed
soundly,
if
the
proper
time
is
taken
to
make
sure
eyes,
are
dotted
and
T's
across
correctly,
which
we're
not
doing
right.
B
I
do
see
a
path
in
that
regard,
which
is
great
because
of
of
of
my
view.
That
way,
though
I
say
man
we're
moving
we're
moving
that
light
speed.
Man
we're
moving
that
life
speed
and
maybe
just
maybe
we
might
want
to
take
a
couple
of
Beats
here.
Man
I
want
to
take
a
couple
of
you
know,
slow
down
just
a
couple
of
seconds
and
make
sure
that
we're
properly
dotted
eyes
and
and
and
cross
and
tees
man
before
we
get
ourselves
into
a
situation.
B
That's
not
a
you
know.
We
we,
we
hem
ourselves
up
a
little
bit.
I
want,
but
I
don't
want
this
for
us
to
hem
ourselves
up
which
I
see
which
I
see
occurring
a
little
bit.
C
Sure
I
I
recently
was
on
the
a
pretty
pretty
against
AI,
because
I
was
like
I'm,
not
not
too
sure,
but
recently
I
was
a
competing
at
hackathon
and
I
realized.
Just
like
that.
More
of
the
world
of
AI
and
I
was
like
oh
wow.
This
is
actually
incredibly
promising
like
potentially,
if,
if
like
you
said
used
correctly-
and
you
know
properly
vetted
I
think
that's
a.
B
Super
important
yeah
man,
we
gotta,
we
got
to
pay
attention,
we've
got
to
pay
attention,
you
know
we
got,
we
got
to
pay
attention
and
we
got
to
take
Heat,
not
Everything,
That,
Glitters,
Is
Gold,
another
be
technology
is
good
technology.
We
gotta
we
got
to
make
sure
that
we're
doing
our
due
diligence
here.
B
You
know
like
like
I,
said:
My
Views
are
my
views
on
that
are
I've
used
on
that
of
my
own,
though
fair.
B
But
because
you're
you're
a
budding
brand
new
to
the
space
you're
coming
out
into
the
world,
and-
and
you
got
all
these
outstanding
and
wonderful
questions-
you
know-
I
mean
take-
you
know,
don't
just
ask
me,
you
know
to
ask
other
people
too.
Nist
has
a
great
publication.
They
just
put
out
around
AI
security.
B
There's
also
been
a
couple
of
Papers
written
I'm
reading,
one
now
about
cyber
security,
about
cyber
security
and
AI,
just
released
in
April,
a
nice
research
paper
that
was
done
that
I'm
getting
ready
to
dive
into
head
first,
so
get
your
hands
on
everything
that
you
can
get
your
hands
on.
Man
read
read,
study,
like
I
said
you
just
said:
I'm
done
I'm
done
with
school.
Now
you
ain't
yeah,
you
ain't!
You
ain't
done
yet
man
this!
This
industry
is
evolving
too
rapidly
to
say,
I'm
done
with
anything.
You
haven't
even
cracked.
B
The
surface
you
you've
studied
from
a
theoretical
standpoint,
I'm,
pretty
sure
that
your
teachers
have
have
gave
you
some
good
good
food
for
thought
and
they've
grounded.
You
pretty
well,
you
know
with
with
what's
currently
going
on
in
the
industry
and
all
that
concept,
I'm
pretty
sure
that
they
gave
you
the
right,
the
right
education.
But
now
it's
come
out
now
it's
time
to
come
out
here
and
get
the
right
experience,
which
looks
a
little
different
depending
upon
who
you
work
for
and
because
different
organizations
have
different
methodologies.
B
They
use
internally
for
their
for
the
way
they
develop.
C
Recommend
is
kind
of
the
the
best
role
to
take
with
insecurity.
I
know
before
you
talk
about
how
you
were
working
for
PWC
would
would
a
good
role
for
just
coming
out
of
school,
to
kind
of
more
focus
on
consulting
or,
if
possible,
the
security
engineer
out.
Oh.
B
Man,
that's
a
that's
a
wonderful
question.
Man,
you
know,
I
would
say
that
you
focus
on
getting
so
if,
if
cyber
security
is
your
path
and
it's
not
just
development
software
development
and
all
that
kind
of
stuff-
and
you
want
to
really
take
it-
get
an
idea
of
where
you
should
apply
your
skills
or
what
you
should
be
focused
on
you
really.
You
really
want
to
do
that.
B
I
would
say
to
you
Consultants
an
amazing
area
to
start
in
it,
because
Consulting
will
expose
you
to
different
Industries
and
the
different
nuances
in
each
industry.
Right
so
they'll
expose
you
to
like
I
mean
if
you
can
get
into
like
the
you
know,
Financial
financial
sector,
you
get
into
Health
Care,
you
get
into
government,
you
get
into
utilities
and
energy
right.
It'll
expose
you
to
all
of
these
different
organizations
and
all
these
different
companies
it'll
expose
you
to
different
partners
and
how
different
partners
communicate.
B
It'll
expose
you
to
how
you
know,
even
with
respect
to
different
meetings
that
you'll
have
within
these
organizations.
It'll
give
you
an
idea
of
how
c-suite
communicates
if
Francisco's,
communicate.
B
It'll
also
gives
you
a
good
idea
about
knowledge,
gaps
right
who's
who's
been
read
in
who's
up
on
game,
who
reads
the
Articles,
who
reads
the
literature
who
pays
attention
to
emerging
threats
in
the
industry
or
who
just
seeks
the
guidance
of
companies
like
PWC
to
know
and
not
know
right,
it'll
expose
you
to
all
that
kind
of
stuff
and
then
you'll
get
a
good
idea
of
man.
This
is
the
this.
Is
the
part
of
cyber
security.
B
I
want
to
focus
on
see,
I'm
an
information,
security,
traditionalist,
I
focus
on
information
security,
and
everything
to
me
is
a
derivative,
so
I
go
down
the
line
and
I
do
all
that.
But
if
cyber
security
is
like
what
part
of
cyber
security
do
you
want
to
focus
on,
do
you
want
to
be
the
penetration
tester?
Do
you
want
to
be
the
the
secure
supply
chain
or
the.
E
A
a
user
tester:
do
you
want
to
be?
Do
you
want
to
be
on
the
vulnerability
disclosure
side?
You
know,
do
you
want,
they
did
so
many
different.
E
And
you
know
bouncing
around
and
making
sure
your
focusing
in
on
one
area
and
then
say
you
know
what
I've
been
doing
this
for
a
year.
I
want
to
do
this
over
here
now
and
taking
the
time
and
going
over.
D
E
Will
also
give
you
a
place
where
you
want
to
do
your
focus
like
where
you
want
to
focus
your
career
and
then
be
and
then
be
a
you
know,
not
a
jack
of
all
trades,
a
master
of
number
be
a
master
of
a
trade.
You
know
that
Chasm
is
so
deep
and
wide.
You
can
have
a
wide
spectrum
of
the
chasm,
but
be
deep
in
one
area
or
maybe
another
you
have
to
be
deep
in
all
of
them.
D
C
E
Yeah
I'm
I'm,
so
happy
I
went
I,
went
the
route
I
went
especially
after
the
military
after
the
military
was
increasingly
important.
That
I
did
that.
Did
it
the
way
that
I
did
it,
and
that's
only
because
the
military
provided
me
an
Avenue
where
I
got
everything
from
a
government
standpoint,
everything
from
a
government
standpoint.
Everything
from
you
know
that
that
kind
of
rigor,
regulatory,
all
that
kind
of
stuff
and
then
I,
came
out
and
then
I
got
exposed
to
the
private
sector,
which
operates
a
little
differently
private
sector.
E
Man,
you
got
some
great
questions.
Man
I'm
actually
really
impressed
with
the
questions
you're
asking
I'm
at
I'm
I'm,
that's
what
this
office
hours
is
for
man,
that's
what
that's
what
this
is
for.
So
your
question,
man,
your
questions
are
a
why
or
why
this
office
hours
is
important
man.
That's
that's
good,
like
I'm,
so
appreciative
of
of
of
your
questions,
you
have
no
idea.
You
have
no
idea.
C
I'm,
a
pretty
sure
of
the
time
you
know
that
you
took
to
kind
of
like
have
this
so
I
can
pick
your
brain
and
and
see
what
ways
I
can
be
better.
Just
kind
of
like
you
know,
as
as
quote
unquote
like
the
new
kid
on
the
Block,
very,
very
new
insecurity.
A
A
E
Good
so,
like
I
said,
I
I
would
encourage
you
to
get
your
to
get
your
classmates,
especially
while
you're
still
in
school
have
them,
especially
especially
the
sophomores
and
the
Juniors.
That
really
want
to
get
a
good
idea
and
understanding
of
what's
going
on
and
get
a
leg
up
to.
B
E
A
leg
up
come
on
in:
let's
have
a
discussion.
Let's
Point
Let's
point
you
guys
in
the
right
direction.
Give
you
guys
something
to
do.
That'll
help
as
a
matter
of
fact,
I'm,
not
terribly
sure,
internship
wise,
whether
or
not
a
lot
of
the
stuff
you
can
do
can
be
counted
towards
internships,
but
that
damn
showing,
though,
that
you
guys
can
get
some
good
Hands-On
and
some
good
thoughts
around
that
type
of
stuff
and
and
then
be
able
to
like
put
in
your
resumes.
E
We
did
this
this
this
and
this,
so
we
looked
at
that.
That'll
help
you
out
with
getting.
D
E
D
E
Apply
for
an
internship
saying,
I
joined
the
open,
ssf
and
I
worked
on.
You
know,
I
learned,
you
know
my
skills,
the
skills,
the
new
skills
I
just
developed
the
helping
to
build
this
tool
or
I
looked
at
this
policy
or
these
standards
and
helped
develop
these
standards
and
ask
these
questions
or
provide
this
level
of
input.
That
goes.
D
D
E
D
C
Be
sure
to
tell
I
was
curious
before
I
I
head
out,
because
I
think
we're
nearing
the
the
top
of
the
hour.
Is
it
possible
to
connect
with
you
on
LinkedIn.