1 00:00:01,199 --> 00:00:04,080 hi everyone and we're back from break um 2 00:00:04,080 --> 00:00:06,720 and it's i'm just delighted that uh 3 00:00:06,720 --> 00:00:09,440 detective sergeant chris spinks is with 4 00:00:09,440 --> 00:00:12,080 us because he's doing a tremendous 5 00:00:12,080 --> 00:00:14,400 amount for that next generation that has 6 00:00:14,400 --> 00:00:16,239 been i think a theme that we've talked 7 00:00:16,239 --> 00:00:18,480 about in terms of a lot of the 8 00:00:18,480 --> 00:00:21,039 presentations today and it's certainly i 9 00:00:21,039 --> 00:00:23,199 think the opportunity and the exposure 10 00:00:23,199 --> 00:00:26,800 on things like our smaller community uh 11 00:00:26,800 --> 00:00:28,880 uh our community events 12 00:00:28,880 --> 00:00:31,039 in infosec is super important so without 13 00:00:31,039 --> 00:00:34,320 further ado i give you a chris spinks i 14 00:00:34,320 --> 00:00:35,600 was waiting for the round of applause 15 00:00:35,600 --> 00:00:37,360 there but uh i've never had one before 16 00:00:37,360 --> 00:00:40,000 so i shan't start now cheers guys before 17 00:00:40,000 --> 00:00:42,559 you can sit back 18 00:00:42,559 --> 00:00:43,680 sorry 19 00:00:43,680 --> 00:00:45,120 are we still hot yeah i was just going 20 00:00:45,120 --> 00:00:46,719 to say before we continue it's important 21 00:00:46,719 --> 00:00:48,320 to point out that chris is not here to 22 00:00:48,320 --> 00:00:51,520 arrest anybody yeah right well yeah and 23 00:00:51,520 --> 00:00:53,440 we'll and i'll show up now and let you 24 00:00:53,440 --> 00:00:55,199 continue yeah we were just talking about 25 00:00:55,199 --> 00:00:56,719 like bodies all over the place at the 26 00:00:56,719 --> 00:01:00,800 next vidcon i'm still note taking notes 27 00:01:00,800 --> 00:01:02,320 right guys thank you so much for having 28 00:01:02,320 --> 00:01:04,879 me on this is a tremendous um privilege 29 00:01:04,879 --> 00:01:07,280 for me and i don't do too many public 30 00:01:07,280 --> 00:01:09,760 talks which is probably why yeah cons 31 00:01:09,760 --> 00:01:12,240 stay interesting and so i put a couple 32 00:01:12,240 --> 00:01:14,880 of thoughts across when 33 00:01:14,880 --> 00:01:17,119 mr fat hobbit gave me the opportunity as 34 00:01:17,119 --> 00:01:19,520 something i might want to talk about um 35 00:01:19,520 --> 00:01:21,280 so i came up with a title of our only 36 00:01:21,280 --> 00:01:23,600 hope in innovation is cyber defence is 37 00:01:23,600 --> 00:01:26,400 youth diversity and gender engagement 38 00:01:26,400 --> 00:01:28,159 and so i kind of came up with a bit of a 39 00:01:28,159 --> 00:01:30,320 blueprint but having said the word 40 00:01:30,320 --> 00:01:32,240 diversity and gender engagement i'm now 41 00:01:32,240 --> 00:01:35,200 going to duck before stu chucks a rant 42 00:01:35,200 --> 00:01:38,240 at me or a theater fist or something 43 00:01:38,240 --> 00:01:41,759 so who am i uh detective sergeant uh for 44 00:01:41,759 --> 00:01:43,520 the yorks and humber regional organized 45 00:01:43,520 --> 00:01:46,079 crime unit i've been in policing for 23 46 00:01:46,079 --> 00:01:46,960 years 47 00:01:46,960 --> 00:01:48,960 uh started off at the front line wearing 48 00:01:48,960 --> 00:01:52,079 the funny bobble hat top out thing 49 00:01:52,079 --> 00:01:53,520 and then working my way through to 50 00:01:53,520 --> 00:01:55,280 intelligence which is where i spent a 51 00:01:55,280 --> 00:01:57,200 few years doing sort of uh 52 00:01:57,200 --> 00:01:59,360 some pretty sensitive intelligence areas 53 00:01:59,360 --> 00:02:01,520 and then moved on into 54 00:02:01,520 --> 00:02:03,439 seven years within cyber units and 55 00:02:03,439 --> 00:02:05,600 that's been pretty much around the 56 00:02:05,600 --> 00:02:07,920 incident response disaster recovery 57 00:02:07,920 --> 00:02:10,160 assistance for small medium companies 58 00:02:10,160 --> 00:02:12,480 large companies deal with themselves 59 00:02:12,480 --> 00:02:14,640 and looking at what we can do to help 60 00:02:14,640 --> 00:02:16,319 them and then looking at what drives the 61 00:02:16,319 --> 00:02:18,640 investigations taking those nuggets of 62 00:02:18,640 --> 00:02:20,800 the forensics from the back end of that 63 00:02:20,800 --> 00:02:21,920 and trying to put it together and 64 00:02:21,920 --> 00:02:24,000 finding that once again the threat actor 65 00:02:24,000 --> 00:02:25,760 comes from a jurisdiction that we can't 66 00:02:25,760 --> 00:02:26,879 touch 67 00:02:26,879 --> 00:02:28,080 so that was great 68 00:02:28,080 --> 00:02:30,959 um and then sort of five years the last 69 00:02:30,959 --> 00:02:32,400 five years of my time have been 70 00:02:32,400 --> 00:02:35,040 developing tech innovation teams 71 00:02:35,040 --> 00:02:37,120 take innovation being around 72 00:02:37,120 --> 00:02:39,760 law enforcement tech which they're still 73 00:02:39,760 --> 00:02:41,920 in what they're still working on xp so 74 00:02:41,920 --> 00:02:43,680 that's not difficult to 75 00:02:43,680 --> 00:02:45,920 innovate there but in truth it's looking 76 00:02:45,920 --> 00:02:47,280 at the problems 77 00:02:47,280 --> 00:02:48,800 and looking at 78 00:02:48,800 --> 00:02:50,640 how we can solve those problems it's 79 00:02:50,640 --> 00:02:52,319 been really interesting 80 00:02:52,319 --> 00:02:54,560 so uh pretty much this has been me when 81 00:02:54,560 --> 00:02:57,280 i was more fit yeah i wish 82 00:02:57,280 --> 00:02:59,280 pretty much this is me when i've when i 83 00:02:59,280 --> 00:03:01,200 was sitting around being very bored as a 84 00:03:01,200 --> 00:03:02,959 police officer but that's pretty much 85 00:03:02,959 --> 00:03:04,560 what most police officers in policing 86 00:03:04,560 --> 00:03:06,800 are doing is a traditional based 87 00:03:06,800 --> 00:03:09,040 policing but when i moved to yorkshire i 88 00:03:09,040 --> 00:03:11,360 was given the opportunity to start 89 00:03:11,360 --> 00:03:14,000 developing years in industry for 90 00:03:14,000 --> 00:03:16,720 computer science computer degree type 91 00:03:16,720 --> 00:03:19,599 students at the time we had a henry 92 00:03:19,599 --> 00:03:20,720 henry was 93 00:03:20,720 --> 00:03:22,640 an intern and they had no idea what to 94 00:03:22,640 --> 00:03:24,000 do with him they don't mind me saying 95 00:03:24,000 --> 00:03:26,000 that so i came in and i still had no 96 00:03:26,000 --> 00:03:29,920 idea but i made the choice to ask him 97 00:03:29,920 --> 00:03:31,440 that's developed through i'll talk about 98 00:03:31,440 --> 00:03:33,599 that journey but in the last 12 months 99 00:03:33,599 --> 00:03:35,200 i've started my own company as well as 100 00:03:35,200 --> 00:03:37,200 working in the police looking at digital 101 00:03:37,200 --> 00:03:38,799 transformation because of what i've 102 00:03:38,799 --> 00:03:39,680 learned 103 00:03:39,680 --> 00:03:41,760 and that's uh that's been an interesting 104 00:03:41,760 --> 00:03:43,920 journey in itself 105 00:03:43,920 --> 00:03:46,879 so why why policing why are we talking 106 00:03:46,879 --> 00:03:48,879 about cyber security 107 00:03:48,879 --> 00:03:51,120 uh yeah pretty much everyone knows these 108 00:03:51,120 --> 00:03:53,360 statistics they're made up they're taken 109 00:03:53,360 --> 00:03:56,000 from cisco they're taken from ibm's cost 110 00:03:56,000 --> 00:03:59,760 of data breach etc etc and we just know 111 00:03:59,760 --> 00:04:02,000 that it's happening every 39 seconds 112 00:04:02,000 --> 00:04:04,640 what a cyber attack is isn't defined so 113 00:04:04,640 --> 00:04:06,720 look at the costs so this is for me 114 00:04:06,720 --> 00:04:09,040 really what we're looking at increases 115 00:04:09,040 --> 00:04:12,560 by nearly 300 over the covered times 116 00:04:12,560 --> 00:04:14,640 and that's a huge increase that's what 117 00:04:14,640 --> 00:04:17,120 uh you you sort of clever guys and uh 118 00:04:17,120 --> 00:04:19,120 within the support and within the it 119 00:04:19,120 --> 00:04:20,320 spheres are trying to cope with and 120 00:04:20,320 --> 00:04:22,000 that's pretty horrendous 121 00:04:22,000 --> 00:04:24,400 and we still look at 122 00:04:24,400 --> 00:04:26,720 spam sixty percent malicious domains 123 00:04:26,720 --> 00:04:30,160 fishing 80 reported security incidents 124 00:04:30,160 --> 00:04:33,680 it still remains that user being the 125 00:04:33,680 --> 00:04:36,639 issue i'd say stu i'm saying issue in a 126 00:04:36,639 --> 00:04:39,120 kind and all-encompassing way 127 00:04:39,120 --> 00:04:41,600 but i think user is definitely for me 128 00:04:41,600 --> 00:04:43,040 where we need to be i was ashamed i 129 00:04:43,040 --> 00:04:44,960 couldn't see the whole of matthew's talk 130 00:04:44,960 --> 00:04:46,880 last i think it's probably going to send 131 00:04:46,880 --> 00:04:48,560 around some of the same 132 00:04:48,560 --> 00:04:50,720 and so it comes down to that why 133 00:04:50,720 --> 00:04:53,680 well 80 data records compromised every 134 00:04:53,680 --> 00:04:54,800 second 135 00:04:54,800 --> 00:04:58,080 and payment fraud for 2024 looking 136 00:04:58,080 --> 00:05:00,560 around 25 billion 137 00:05:00,560 --> 00:05:01,840 on fraud 138 00:05:01,840 --> 00:05:03,280 so this is 139 00:05:03,280 --> 00:05:05,840 pretty much faceless for fraud but it's 140 00:05:05,840 --> 00:05:08,840 very very much motivated by 141 00:05:08,840 --> 00:05:10,560 money 142 00:05:10,560 --> 00:05:11,360 so 143 00:05:11,360 --> 00:05:13,840 the problem we've got in the uk is a 144 00:05:13,840 --> 00:05:15,840 cyber shortage 145 00:05:15,840 --> 00:05:18,160 really apparently 146 00:05:18,160 --> 00:05:22,400 18 percent lack necessary tech skills 23 147 00:05:22,400 --> 00:05:24,400 lakh communication leadership management 148 00:05:24,400 --> 00:05:27,039 but for me communication here is really 149 00:05:27,039 --> 00:05:28,160 the point 150 00:05:28,160 --> 00:05:30,080 and 18 151 00:05:30,080 --> 00:05:34,080 of job applicants lack communication 152 00:05:34,080 --> 00:05:36,960 that's an interesting one to ponder 153 00:05:36,960 --> 00:05:39,039 if we get into 41 percent like an 154 00:05:39,039 --> 00:05:40,479 incident management investigation 155 00:05:40,479 --> 00:05:42,479 digital forensics well that's a training 156 00:05:42,479 --> 00:05:44,479 thing that's something that really that 157 00:05:44,479 --> 00:05:46,639 can be built in but it comes back to 158 00:05:46,639 --> 00:05:49,039 communication 159 00:05:49,039 --> 00:05:51,759 and 36 percent likes to lack skills in 160 00:05:51,759 --> 00:05:54,160 cyber security research 161 00:05:54,160 --> 00:05:56,319 now this has been taken from ipsos 162 00:05:56,319 --> 00:05:58,080 murray and department of culture media 163 00:05:58,080 --> 00:06:01,360 and sport figures so can't be wrong 164 00:06:01,360 --> 00:06:02,240 but 165 00:06:02,240 --> 00:06:05,280 lacks cyber security research skills 166 00:06:05,280 --> 00:06:07,759 pretty much everyone that i've worked 167 00:06:07,759 --> 00:06:09,680 with through students in the last four 168 00:06:09,680 --> 00:06:10,639 years 169 00:06:10,639 --> 00:06:12,160 were pretty good on cyber security 170 00:06:12,160 --> 00:06:13,919 research 171 00:06:13,919 --> 00:06:14,960 so 172 00:06:14,960 --> 00:06:18,160 i have to question really lack 173 00:06:18,160 --> 00:06:21,360 or is this a communication issue 174 00:06:21,360 --> 00:06:23,120 and we know full well we've heard it i'm 175 00:06:23,120 --> 00:06:26,000 gonna um not cause a drinking fine by 176 00:06:26,000 --> 00:06:28,720 saying there's a skills gap because 177 00:06:28,720 --> 00:06:30,080 i disagree 178 00:06:30,080 --> 00:06:32,880 i disagree there's a skills gap 179 00:06:32,880 --> 00:06:34,479 up on the screen you can see a number of 180 00:06:34,479 --> 00:06:36,880 people have reached notoriety good way 181 00:06:36,880 --> 00:06:38,479 started their own companies 182 00:06:38,479 --> 00:06:42,400 aged 22 14 12 17. 183 00:06:42,400 --> 00:06:45,440 and t sphinx my son 10. 184 00:06:45,440 --> 00:06:47,039 regularly beats the parent security 185 00:06:47,039 --> 00:06:49,120 cross i can put in 186 00:06:49,120 --> 00:06:51,440 i wouldn't say he likes skills 187 00:06:51,440 --> 00:06:54,639 i'd like say he's lacked direction 188 00:06:54,639 --> 00:06:56,880 or maybe all these people have got all 189 00:06:56,880 --> 00:06:58,639 the skills we need 190 00:06:58,639 --> 00:07:00,000 and actually what we're doing is we're 191 00:07:00,000 --> 00:07:03,680 just not translating them properly 192 00:07:03,680 --> 00:07:06,160 and then mca on the bottom 193 00:07:06,160 --> 00:07:09,520 from 2015 figures um average age of 194 00:07:09,520 --> 00:07:12,960 cyber crime suspect falling to 17. 195 00:07:12,960 --> 00:07:14,160 well 196 00:07:14,160 --> 00:07:15,520 cybercrime i 197 00:07:15,520 --> 00:07:16,960 have my own feelings around the cyber 198 00:07:16,960 --> 00:07:18,639 crime side i think the prevent needs to 199 00:07:18,639 --> 00:07:20,960 be built up so we can uh divert and 200 00:07:20,960 --> 00:07:22,960 bring them into uh blue teaming red 201 00:07:22,960 --> 00:07:24,400 teaming i mean that's where the skills 202 00:07:24,400 --> 00:07:26,639 are but again it points to not 203 00:07:26,639 --> 00:07:28,800 necessarily a skills gap but maybe that 204 00:07:28,800 --> 00:07:32,400 sort of translation error 205 00:07:32,400 --> 00:07:34,720 so let's have a look at the problem 50 206 00:07:34,720 --> 00:07:38,160 in the uk uh of companies have basic 207 00:07:38,160 --> 00:07:40,000 technical skills 208 00:07:40,000 --> 00:07:44,720 gaps are 680 000 companies in the uk 209 00:07:44,720 --> 00:07:46,800 have a basic technical skills gap and 210 00:07:46,800 --> 00:07:49,039 they define those skills gap 211 00:07:49,039 --> 00:07:50,400 even sort of been able to store and 212 00:07:50,400 --> 00:07:52,960 transfer public information private 213 00:07:52,960 --> 00:07:55,280 identifiable information safely 214 00:07:55,280 --> 00:07:57,440 detect remove malware setting up 215 00:07:57,440 --> 00:08:00,000 firewalls i mean these are not big 216 00:08:00,000 --> 00:08:01,919 skills to have i'm 217 00:08:01,919 --> 00:08:04,319 pretty sure that a lot of the kids that 218 00:08:04,319 --> 00:08:05,919 we've seen out there 219 00:08:05,919 --> 00:08:07,840 could pretty quickly have these skills 220 00:08:07,840 --> 00:08:11,199 and and help these 680 000 companies but 221 00:08:11,199 --> 00:08:14,160 they're not being given the chance 222 00:08:14,160 --> 00:08:16,319 so then just above the very strange 223 00:08:16,319 --> 00:08:19,039 looking giraffe um 28 224 00:08:19,039 --> 00:08:22,080 businesses offering internships 225 00:08:22,080 --> 00:08:23,120 so 226 00:08:23,120 --> 00:08:26,240 we've got 50 of all businesses 227 00:08:26,240 --> 00:08:29,039 have basic skills gaps 228 00:08:29,039 --> 00:08:31,039 and less than 20 and less than and just 229 00:08:31,039 --> 00:08:32,799 over a quarter of businesses at the 230 00:08:32,799 --> 00:08:34,958 whole of the uk are actually offering 231 00:08:34,958 --> 00:08:38,080 any chance to gain experience and let me 232 00:08:38,080 --> 00:08:40,399 tell you an internship is not expensive 233 00:08:40,399 --> 00:08:41,919 it definitely shouldn't be free and i've 234 00:08:41,919 --> 00:08:43,519 seen those questions on linkedin and 235 00:08:43,519 --> 00:08:45,440 twitter and we should always be paying 236 00:08:45,440 --> 00:08:47,120 our kids but 237 00:08:47,120 --> 00:08:49,120 what are they actually going to do 238 00:08:49,120 --> 00:08:51,440 i've had feedback from others going into 239 00:08:51,440 --> 00:08:54,080 intern placements to say that their 240 00:08:54,080 --> 00:08:56,560 first line they're answering phone calls 241 00:08:56,560 --> 00:08:59,200 okay these are gifted individuals why 242 00:08:59,200 --> 00:09:01,120 have we gotten answering phone calls i 243 00:09:01,120 --> 00:09:03,200 know yeah character building i know yeah 244 00:09:03,200 --> 00:09:04,720 so the answer they understand the 245 00:09:04,720 --> 00:09:05,920 problem but 246 00:09:05,920 --> 00:09:07,920 that's not giving them that real leg up 247 00:09:07,920 --> 00:09:09,440 that real foot up 248 00:09:09,440 --> 00:09:10,720 i've had others saying they're just 249 00:09:10,720 --> 00:09:12,240 spending day and day out for 12 months 250 00:09:12,240 --> 00:09:13,600 looking at pcap files looking at 251 00:09:13,600 --> 00:09:15,839 anomalies sure 252 00:09:15,839 --> 00:09:18,399 important understand that but for 12 253 00:09:18,399 --> 00:09:19,440 months 254 00:09:19,440 --> 00:09:20,880 we should be working better than this i 255 00:09:20,880 --> 00:09:22,720 think 256 00:09:22,720 --> 00:09:25,680 and these kids are our gateway 257 00:09:25,680 --> 00:09:26,720 into 258 00:09:26,720 --> 00:09:29,600 us when we're pensioners and i extend i 259 00:09:29,600 --> 00:09:31,440 understand ian that i've got less years 260 00:09:31,440 --> 00:09:33,839 than you to get to my pension age but 261 00:09:33,839 --> 00:09:35,680 it's just because i had a light paper 262 00:09:35,680 --> 00:09:36,640 round 263 00:09:36,640 --> 00:09:38,000 but actually why are we asking are we 264 00:09:38,000 --> 00:09:39,360 asking them for their thoughts are we 265 00:09:39,360 --> 00:09:41,600 asking the kids and students coming 266 00:09:41,600 --> 00:09:43,360 through on internships so we asking them 267 00:09:43,360 --> 00:09:45,680 for how they feel we could do better 268 00:09:45,680 --> 00:09:47,680 not usually 269 00:09:47,680 --> 00:09:50,000 so cyber sector lacks skills but fails 270 00:09:50,000 --> 00:09:53,279 to offer experience 271 00:09:53,279 --> 00:09:55,920 and then boot ducks diversity chucking 272 00:09:55,920 --> 00:09:58,240 in there but what are we looking at 273 00:09:58,240 --> 00:10:00,080 ten percent of all cyber roles in 274 00:10:00,080 --> 00:10:01,920 neurodivergent 275 00:10:01,920 --> 00:10:02,880 that's 276 00:10:02,880 --> 00:10:05,040 along onto the spectrum and autism 277 00:10:05,040 --> 00:10:06,880 dyslexia dyspraxia it is calculated 278 00:10:06,880 --> 00:10:07,600 that's 279 00:10:07,600 --> 00:10:09,920 that's calculated that's where i come in 280 00:10:09,920 --> 00:10:12,959 two percent of senior roles 281 00:10:12,959 --> 00:10:14,880 are neurodivergent 282 00:10:14,880 --> 00:10:17,279 so that's not translating to the top 283 00:10:17,279 --> 00:10:19,440 three percent 284 00:10:19,440 --> 00:10:21,680 of senior roles of women 285 00:10:21,680 --> 00:10:23,839 ethnic minorities three percent of 286 00:10:23,839 --> 00:10:25,519 senior roles one percent of senior roles 287 00:10:25,519 --> 00:10:28,240 are disabled really isn't representing 288 00:10:28,240 --> 00:10:30,720 society 289 00:10:30,720 --> 00:10:32,480 i've seen some real opportunities here 290 00:10:32,480 --> 00:10:34,560 some real potential for unconscious bias 291 00:10:34,560 --> 00:10:35,920 recruitment issues 292 00:10:35,920 --> 00:10:38,000 maybe this is part of the problem but 293 00:10:38,000 --> 00:10:40,480 why is it important well 294 00:10:40,480 --> 00:10:42,640 it's important because of two things 295 00:10:42,640 --> 00:10:44,320 many things but two main things that i 296 00:10:44,320 --> 00:10:46,399 said one 297 00:10:46,399 --> 00:10:47,600 the attack 298 00:10:47,600 --> 00:10:49,120 is coming from 299 00:10:49,120 --> 00:10:50,399 society 300 00:10:50,399 --> 00:10:53,120 if we don't represent society in our 301 00:10:53,120 --> 00:10:55,680 cyber defense how do we understand what 302 00:10:55,680 --> 00:10:57,760 that attack vector looks like what that 303 00:10:57,760 --> 00:10:59,040 next attack 304 00:10:59,040 --> 00:11:00,800 thought processes 305 00:11:00,800 --> 00:11:02,240 and 306 00:11:02,240 --> 00:11:04,480 how do we understand what our users are 307 00:11:04,480 --> 00:11:06,079 doing we've heard in the last talk about 308 00:11:06,079 --> 00:11:07,920 the user and understanding what that 309 00:11:07,920 --> 00:11:09,440 user is going through 310 00:11:09,440 --> 00:11:12,160 but if we don't reflect the user in our 311 00:11:12,160 --> 00:11:14,160 staffing then how do we know what their 312 00:11:14,160 --> 00:11:16,000 problems are how do we know why they're 313 00:11:16,000 --> 00:11:18,399 circumnavigating the security controls 314 00:11:18,399 --> 00:11:20,800 we don't 315 00:11:20,959 --> 00:11:23,279 so it comes on to me telling you there's 316 00:11:23,279 --> 00:11:25,440 a huge cyber crime problem as usual 317 00:11:25,440 --> 00:11:27,040 that's me doing my policing bit and 318 00:11:27,040 --> 00:11:29,839 being 10 years behind everything else 319 00:11:29,839 --> 00:11:32,560 and the main attack vector is via the 320 00:11:32,560 --> 00:11:34,720 user 321 00:11:34,720 --> 00:11:37,120 nothing new there 322 00:11:37,120 --> 00:11:38,640 we know companies can't recruit into 323 00:11:38,640 --> 00:11:41,600 cyber roles they label skills to define 324 00:11:41,600 --> 00:11:44,079 roles but that label i feeling is is 325 00:11:44,079 --> 00:11:45,680 wrong this is where the labeling needs 326 00:11:45,680 --> 00:11:48,560 to be redefined 327 00:11:48,560 --> 00:11:49,279 and 328 00:11:49,279 --> 00:11:51,440 funnily enough they fail to attract 329 00:11:51,440 --> 00:11:53,040 relevant applicants and don't offer the 330 00:11:53,040 --> 00:11:55,120 experience to those people in there and 331 00:11:55,120 --> 00:11:56,639 of course we come on to the age old one 332 00:11:56,639 --> 00:11:58,320 that we've seen many times that require 333 00:11:58,320 --> 00:12:00,320 years of experience 10 years of 334 00:12:00,320 --> 00:12:02,800 experience for kubernetes pretty sure it 335 00:12:02,800 --> 00:12:04,240 hasn't been around for 10 years but i've 336 00:12:04,240 --> 00:12:05,600 seen the adverts 337 00:12:05,600 --> 00:12:08,639 asking for these unreasonable amounts 338 00:12:08,639 --> 00:12:11,120 so effectively cyber sector our good 339 00:12:11,120 --> 00:12:13,040 people all the people here do not 340 00:12:13,040 --> 00:12:15,200 reflect the threat 341 00:12:15,200 --> 00:12:17,839 and don't reflect the users 342 00:12:17,839 --> 00:12:20,079 so let's quickly go through recruitment 343 00:12:20,079 --> 00:12:21,839 heard it fantastic uh 344 00:12:21,839 --> 00:12:24,000 yesterday to go through this from dan i 345 00:12:24,000 --> 00:12:26,160 think it was superb summed out really 346 00:12:26,160 --> 00:12:29,200 nicely but someone leaves a new role or 347 00:12:29,200 --> 00:12:31,279 a new role is created 348 00:12:31,279 --> 00:12:32,560 senior role 349 00:12:32,560 --> 00:12:34,160 don't forget that 350 00:12:34,160 --> 00:12:36,639 diversity-wise not reflection of society 351 00:12:36,639 --> 00:12:38,800 at all but the senior role decides to 352 00:12:38,800 --> 00:12:41,360 advertise 353 00:12:41,360 --> 00:12:43,360 hr gets involved 354 00:12:43,360 --> 00:12:44,880 not techy at all don't understand 355 00:12:44,880 --> 00:12:46,320 anything and they deal with a strategy 356 00:12:46,320 --> 00:12:47,839 they deal with getting that marketing 357 00:12:47,839 --> 00:12:48,880 out there 358 00:12:48,880 --> 00:12:51,279 and they use that existing role profile 359 00:12:51,279 --> 00:12:53,680 because well bob's left so we need to 360 00:12:53,680 --> 00:12:55,440 replace bob 361 00:12:55,440 --> 00:12:56,959 with bob 362 00:12:56,959 --> 00:12:58,959 that's not moving forward 363 00:12:58,959 --> 00:13:01,040 and they send out that exciting advert 364 00:13:01,040 --> 00:13:03,839 looking for their ideal candidate 365 00:13:03,839 --> 00:13:05,279 yeah well 366 00:13:05,279 --> 00:13:06,959 most people don't see it as an exciting 367 00:13:06,959 --> 00:13:09,279 advert and has been said previously you 368 00:13:09,279 --> 00:13:11,519 know they're asking for really 369 00:13:11,519 --> 00:13:12,880 unrealistic 370 00:13:12,880 --> 00:13:15,839 expectations on some really basic areas 371 00:13:15,839 --> 00:13:18,079 and then hr do the paper shift 372 00:13:18,079 --> 00:13:20,480 if it's automated or if it's not that's 373 00:13:20,480 --> 00:13:23,120 not but hr do that paper shift 374 00:13:23,120 --> 00:13:23,920 and 375 00:13:23,920 --> 00:13:25,600 that means 376 00:13:25,600 --> 00:13:27,519 that they've just missed 377 00:13:27,519 --> 00:13:29,680 all the kids that didn't work their 378 00:13:29,680 --> 00:13:32,399 applications right who have the skills 379 00:13:32,399 --> 00:13:34,560 and i've been there and i've seen it 380 00:13:34,560 --> 00:13:36,720 because for our intern placements 381 00:13:36,720 --> 00:13:38,800 we have on the last count on the last 382 00:13:38,800 --> 00:13:41,920 group 128 applications came in for five 383 00:13:41,920 --> 00:13:43,360 rolls 384 00:13:43,360 --> 00:13:45,360 and within those 385 00:13:45,360 --> 00:13:47,199 the applications were awful 386 00:13:47,199 --> 00:13:48,880 they were truly bad 387 00:13:48,880 --> 00:13:50,320 because these are kids they're really 388 00:13:50,320 --> 00:13:52,880 gifted kids but they're kids 389 00:13:52,880 --> 00:13:54,399 and on a couple of 390 00:13:54,399 --> 00:13:56,399 applications that came in i saw that 391 00:13:56,399 --> 00:13:58,240 they'd answered one of my questions i 392 00:13:58,240 --> 00:14:00,000 wrote the questions one of my questions 393 00:14:00,000 --> 00:14:02,160 not applicable it's like you know i 394 00:14:02,160 --> 00:14:03,600 wrote the question it probably is 395 00:14:03,600 --> 00:14:05,600 applicable 396 00:14:05,600 --> 00:14:08,000 but one of those one-line answers was 397 00:14:08,000 --> 00:14:10,160 top 10 in the uk bug bounty for tesla 398 00:14:10,160 --> 00:14:12,880 and microsoft 399 00:14:12,880 --> 00:14:14,639 this kid's got skills but he would have 400 00:14:14,639 --> 00:14:17,199 been missed had it gone through the hr 401 00:14:17,199 --> 00:14:20,160 process i took him in 402 00:14:20,160 --> 00:14:21,920 very short time later he was head hunted 403 00:14:21,920 --> 00:14:24,560 by a fantastic pentest company superb 404 00:14:24,560 --> 00:14:27,920 job done got him into cyber 405 00:14:27,920 --> 00:14:29,600 then it comes down to the interview 406 00:14:29,600 --> 00:14:31,279 that's when we start to get into the 407 00:14:31,279 --> 00:14:34,000 reality of meeting people and maybe the 408 00:14:34,000 --> 00:14:36,240 process can rectify itself but it's too 409 00:14:36,240 --> 00:14:39,040 late so end up that we offer another 410 00:14:39,040 --> 00:14:41,600 middle-aged guy with years of experience 411 00:14:41,600 --> 00:14:43,680 the same experience as the last 412 00:14:43,680 --> 00:14:46,399 middle-aged guy 413 00:14:46,399 --> 00:14:50,800 so i think the problem is translation 414 00:14:50,800 --> 00:14:53,120 younger and older generations just don't 415 00:14:53,120 --> 00:14:55,519 get each other i speak to my kids i 416 00:14:55,519 --> 00:14:56,880 speak to my son 417 00:14:56,880 --> 00:14:59,199 and we have fallouts many times mostly 418 00:14:59,199 --> 00:15:01,600 because of communication 419 00:15:01,600 --> 00:15:04,000 because what he thinks are his skills 420 00:15:04,000 --> 00:15:05,839 i don't see as a translation into real 421 00:15:05,839 --> 00:15:07,040 world skills 422 00:15:07,040 --> 00:15:09,839 but in truth they really are 423 00:15:09,839 --> 00:15:11,760 he describes his skills differently and 424 00:15:11,760 --> 00:15:14,000 experienced really differently but 425 00:15:14,000 --> 00:15:15,440 actually when you look at that and 426 00:15:15,440 --> 00:15:17,279 really delve into what he's saying as a 427 00:15:17,279 --> 00:15:19,040 10 year old kid 428 00:15:19,040 --> 00:15:22,000 there's real world opportunities 429 00:15:22,000 --> 00:15:24,480 to put application in 430 00:15:24,480 --> 00:15:26,480 and of course with younger generations 431 00:15:26,480 --> 00:15:28,800 now and i speak as an older generation 432 00:15:28,800 --> 00:15:31,120 despite my years 433 00:15:31,120 --> 00:15:33,120 but as it's speaking to the younger 434 00:15:33,120 --> 00:15:34,880 generations they're filled with 435 00:15:34,880 --> 00:15:36,160 confidence 436 00:15:36,160 --> 00:15:38,639 they are of a generation 437 00:15:38,639 --> 00:15:40,639 and a lot of the speakers we've had here 438 00:15:40,639 --> 00:15:42,160 are the same people 439 00:15:42,160 --> 00:15:44,079 that are used to having information on 440 00:15:44,079 --> 00:15:45,839 their fingertips 441 00:15:45,839 --> 00:15:48,800 we can ask the voice assessment 442 00:15:48,800 --> 00:15:50,720 voice assistant he says turning us off 443 00:15:50,720 --> 00:15:52,639 before i say the word 444 00:15:52,639 --> 00:15:54,880 we can ask google we can ask anything 445 00:15:54,880 --> 00:15:57,120 else for information and it's there at 446 00:15:57,120 --> 00:15:59,600 our fingertips why wouldn't 447 00:15:59,600 --> 00:16:01,360 our younger generations be hugely 448 00:16:01,360 --> 00:16:03,519 confident in their abilities 449 00:16:03,519 --> 00:16:05,120 and this thing comes down to the fact 450 00:16:05,120 --> 00:16:06,079 that 451 00:16:06,079 --> 00:16:07,839 that confidence can sometimes come 452 00:16:07,839 --> 00:16:10,800 across as arrogance 453 00:16:12,000 --> 00:16:14,000 but this is where i say wait 454 00:16:14,000 --> 00:16:16,000 these cultural differences are the same 455 00:16:16,000 --> 00:16:18,160 as the societal differences 456 00:16:18,160 --> 00:16:20,720 and this is again showing that split 457 00:16:20,720 --> 00:16:22,240 where we're not pulling in from that 458 00:16:22,240 --> 00:16:24,399 diverse background and part of the 459 00:16:24,399 --> 00:16:26,720 reason for this 460 00:16:26,720 --> 00:16:28,399 you could always have a cat picture this 461 00:16:28,399 --> 00:16:30,720 has to be a cat picture 462 00:16:30,720 --> 00:16:33,759 so the problem is the user we know that 463 00:16:33,759 --> 00:16:35,440 it's called layer rate or whichever you 464 00:16:35,440 --> 00:16:37,440 want to put it and not counting them out 465 00:16:37,440 --> 00:16:38,560 because actually they're really 466 00:16:38,560 --> 00:16:40,639 important but the user is the problem 467 00:16:40,639 --> 00:16:43,360 the user needs training and educating 468 00:16:43,360 --> 00:16:44,800 and the tech moves too fast for the 469 00:16:44,800 --> 00:16:46,320 training to evolve 470 00:16:46,320 --> 00:16:49,040 the user finds the tech training boring 471 00:16:49,040 --> 00:16:50,560 and irrelevant 472 00:16:50,560 --> 00:16:52,800 and the user is under increasing work 473 00:16:52,800 --> 00:16:55,120 pressure so cats corners misses threat 474 00:16:55,120 --> 00:16:56,399 identifiers 475 00:16:56,399 --> 00:16:58,000 doesn't use mfa 476 00:16:58,000 --> 00:17:00,160 uses easy passwords 477 00:17:00,160 --> 00:17:01,600 prints out those documents sticks the 478 00:17:01,600 --> 00:17:04,240 usb in boom company's just been taken 479 00:17:04,240 --> 00:17:05,599 down 480 00:17:05,599 --> 00:17:07,760 and of course now covered to come along 481 00:17:07,760 --> 00:17:09,039 and the user 482 00:17:09,039 --> 00:17:10,720 has just been moved away from the office 483 00:17:10,720 --> 00:17:12,400 environment and 484 00:17:12,400 --> 00:17:14,559 yep put into an uncontrolled environment 485 00:17:14,559 --> 00:17:16,559 where they have their own iot their own 486 00:17:16,559 --> 00:17:19,520 cameras their own wi-fi their own kids 487 00:17:19,520 --> 00:17:21,359 using their own devices and using their 488 00:17:21,359 --> 00:17:23,760 work devices to play games on and yep 489 00:17:23,760 --> 00:17:26,319 updating and uploading those mods which 490 00:17:26,319 --> 00:17:27,919 are infected 491 00:17:27,919 --> 00:17:30,640 onto work devices and that's putting a 492 00:17:30,640 --> 00:17:33,039 lot of strain on the gifted people here 493 00:17:33,039 --> 00:17:34,480 that are working in input second 494 00:17:34,480 --> 00:17:36,000 security 495 00:17:36,000 --> 00:17:38,320 but it is the user that keeps the 496 00:17:38,320 --> 00:17:41,120 business going 497 00:17:41,520 --> 00:17:43,520 so my conclusion 498 00:17:43,520 --> 00:17:45,840 is that to defend ourselves we need to 499 00:17:45,840 --> 00:17:48,000 recruit better 500 00:17:48,000 --> 00:17:50,160 and improving improvement will 501 00:17:50,160 --> 00:17:52,640 absolutely help with bringing those new 502 00:17:52,640 --> 00:17:56,360 ideas in from youth gender diversity 503 00:17:56,360 --> 00:17:58,640 neurodiversity into the companies which 504 00:17:58,640 --> 00:18:01,520 will help us defend better 505 00:18:01,520 --> 00:18:02,960 and to change 506 00:18:02,960 --> 00:18:05,360 we need the seniors those one percent 507 00:18:05,360 --> 00:18:07,919 two percent three percent to trust and 508 00:18:07,919 --> 00:18:10,000 listen to the juniors 509 00:18:10,000 --> 00:18:12,080 because they know their chisel okay 510 00:18:12,080 --> 00:18:14,400 there we are but 511 00:18:14,400 --> 00:18:16,480 i know none of that's new and i can't 512 00:18:16,480 --> 00:18:18,880 stand i'll sit in a beer con and put 513 00:18:18,880 --> 00:18:21,039 across stuff that's not new 514 00:18:21,039 --> 00:18:24,879 so before you rip me apart 515 00:18:25,679 --> 00:18:26,840 there's a bigger 516 00:18:26,840 --> 00:18:30,400 problem the user 517 00:18:30,400 --> 00:18:32,880 the users out there the user 518 00:18:32,880 --> 00:18:35,760 is always going to look to try and get 519 00:18:35,760 --> 00:18:38,160 around your security 520 00:18:38,160 --> 00:18:40,480 and yet we can do some phishing training 521 00:18:40,480 --> 00:18:42,080 and yet we can do some awareness 522 00:18:42,080 --> 00:18:43,840 training 523 00:18:43,840 --> 00:18:45,760 but they don't think it's relevant 524 00:18:45,760 --> 00:18:47,280 they don't think it's relevant because 525 00:18:47,280 --> 00:18:48,960 just the same as when they're on 526 00:18:48,960 --> 00:18:50,720 facebook or meta or whatever it's going 527 00:18:50,720 --> 00:18:51,840 to be called 528 00:18:51,840 --> 00:18:53,760 and instagram and snapchat and 529 00:18:53,760 --> 00:18:55,520 everything else they're involved they're 530 00:18:55,520 --> 00:18:56,640 as they're 531 00:18:56,640 --> 00:18:57,679 involved in their phone they're 532 00:18:57,679 --> 00:19:00,240 completely absorbed in their device 533 00:19:00,240 --> 00:19:02,240 so they don't see the threat they don't 534 00:19:02,240 --> 00:19:05,520 live the threat like we do 535 00:19:06,160 --> 00:19:08,480 this is no great surprise to anyone we 536 00:19:08,480 --> 00:19:11,039 know that the security layer builds on 537 00:19:11,039 --> 00:19:12,880 more security but that takes away from 538 00:19:12,880 --> 00:19:15,200 functionality so we need more functional 539 00:19:15,200 --> 00:19:17,280 side of our product so we move it less 540 00:19:17,280 --> 00:19:19,440 from security and more functional 541 00:19:19,440 --> 00:19:21,200 but then it's yes usable 542 00:19:21,200 --> 00:19:23,280 and it's that balance this is the 543 00:19:23,280 --> 00:19:25,600 crucial point for me and having that 544 00:19:25,600 --> 00:19:28,000 balance of where the user sits in that 545 00:19:28,000 --> 00:19:31,679 triangle i think is key 546 00:19:32,559 --> 00:19:35,679 so who could we possibly help that would 547 00:19:35,679 --> 00:19:38,799 help those users at home and help us in 548 00:19:38,799 --> 00:19:41,440 that balance 549 00:19:42,559 --> 00:19:44,559 not joking 550 00:19:44,559 --> 00:19:46,720 kids are me 551 00:19:46,720 --> 00:19:49,200 kids from all over society 552 00:19:49,200 --> 00:19:50,559 can help 553 00:19:50,559 --> 00:19:53,679 and here's why they get tech 554 00:19:53,679 --> 00:19:55,679 and they learn fast 555 00:19:55,679 --> 00:19:57,280 they get tech because they live here 556 00:19:57,280 --> 00:19:59,919 that's everything they do 557 00:19:59,919 --> 00:20:02,880 we need a program that builds across the 558 00:20:02,880 --> 00:20:05,520 country to teach our kids 559 00:20:05,520 --> 00:20:06,960 to defend 560 00:20:06,960 --> 00:20:10,159 through the basics remembering back 680 561 00:20:10,159 --> 00:20:12,640 000 companies just in the uk alone don't 562 00:20:12,640 --> 00:20:14,799 have basic security 563 00:20:14,799 --> 00:20:15,520 so 564 00:20:15,520 --> 00:20:18,480 let's get our kids to learn the basics 565 00:20:18,480 --> 00:20:21,840 mfa password security not putting that 566 00:20:21,840 --> 00:20:24,480 usb in 567 00:20:24,480 --> 00:20:27,440 and we build peer teams of kids 568 00:20:27,440 --> 00:20:30,000 now i'm saying kids i'm talking our 569 00:20:30,000 --> 00:20:32,159 youth i'm talking across society 570 00:20:32,159 --> 00:20:34,480 bringing in people from anywhere from 571 00:20:34,480 --> 00:20:37,520 phd students right down through 572 00:20:37,520 --> 00:20:39,200 cyber first and chucking it out there 573 00:20:39,200 --> 00:20:41,280 anyone that comes in onto the scheme and 574 00:20:41,280 --> 00:20:44,159 we build peer teams through this trusted 575 00:20:44,159 --> 00:20:46,960 beer farmers network but people 576 00:20:46,960 --> 00:20:48,400 ultimately who are trying to do some 577 00:20:48,400 --> 00:20:49,360 good 578 00:20:49,360 --> 00:20:51,919 and we build these peer teams out of the 579 00:20:51,919 --> 00:20:54,799 kids and we put in those kids that would 580 00:20:54,799 --> 00:20:56,080 have probably been on the wrong side of 581 00:20:56,080 --> 00:20:58,640 sub compute misusage 582 00:20:58,640 --> 00:21:00,960 and we send those peer teams out to 583 00:21:00,960 --> 00:21:03,760 support the user through clinics and 584 00:21:03,760 --> 00:21:05,200 surgeries 585 00:21:05,200 --> 00:21:07,280 put them into our elderly places put 586 00:21:07,280 --> 00:21:08,960 them into our care homes put them into 587 00:21:08,960 --> 00:21:10,640 companies put them into universities put 588 00:21:10,640 --> 00:21:12,000 them into churches 589 00:21:12,000 --> 00:21:15,039 anywhere else and i think this may just 590 00:21:15,039 --> 00:21:18,080 give us a real opportunity to provide 591 00:21:18,080 --> 00:21:20,240 some meaningful support 592 00:21:20,240 --> 00:21:22,240 to our communities 593 00:21:22,240 --> 00:21:23,760 think of all those schools all as 594 00:21:23,760 --> 00:21:25,840 parents that if their kids knew what 595 00:21:25,840 --> 00:21:27,919 they were doing and they were trusted 596 00:21:27,919 --> 00:21:30,080 because they're part of this security 597 00:21:30,080 --> 00:21:31,840 peer team network 598 00:21:31,840 --> 00:21:33,440 they could help their parents 599 00:21:33,440 --> 00:21:34,960 their parents are the directors their 600 00:21:34,960 --> 00:21:38,559 parents are the owners of the companies 601 00:21:38,559 --> 00:21:40,080 and of course the benefit from that was 602 00:21:40,080 --> 00:21:41,520 the kids they gained knowledge they 603 00:21:41,520 --> 00:21:43,039 gained experience they gained experience 604 00:21:43,039 --> 00:21:45,679 of talking audit they get experience of 605 00:21:45,679 --> 00:21:47,679 talking assurance and all these lovely 606 00:21:47,679 --> 00:21:49,520 bits that we enjoy spending our time 607 00:21:49,520 --> 00:21:51,360 writing documents about and so they get 608 00:21:51,360 --> 00:21:53,440 jobs 609 00:21:53,440 --> 00:21:55,440 and the other benefit is the users are 610 00:21:55,440 --> 00:21:58,240 then provided with a security letter 611 00:21:58,240 --> 00:22:01,360 it's like a layer eight pairing security 612 00:22:01,360 --> 00:22:03,678 layer 613 00:22:04,000 --> 00:22:06,080 so what's appear to me 614 00:22:06,080 --> 00:22:09,280 kids with all sorts of gifts all sorts 615 00:22:09,280 --> 00:22:10,640 of experience 616 00:22:10,640 --> 00:22:12,080 who can drop in they can get some 617 00:22:12,080 --> 00:22:14,000 experience in red teams blue teams 618 00:22:14,000 --> 00:22:16,400 yellow teams pink teams purple teams 619 00:22:16,400 --> 00:22:18,080 whatever team you want to put them in 620 00:22:18,080 --> 00:22:19,919 just give them short term experience 621 00:22:19,919 --> 00:22:21,520 don't get them sitting watching the ecap 622 00:22:21,520 --> 00:22:24,000 files or giving first tier response 623 00:22:24,000 --> 00:22:25,280 let's get them across and get them 624 00:22:25,280 --> 00:22:26,799 across the entire sector to get 625 00:22:26,799 --> 00:22:29,919 meaningful experience 626 00:22:29,919 --> 00:22:32,320 and we pull in kids that are completely 627 00:22:32,320 --> 00:22:34,320 disenfranchised from schooling we pull 628 00:22:34,320 --> 00:22:36,640 in kids that just are not interested in 629 00:22:36,640 --> 00:22:39,280 mainstream schooling but let's get hold 630 00:22:39,280 --> 00:22:40,799 of them let's put them in the peer teams 631 00:22:40,799 --> 00:22:42,720 and let's drive them forward so that we 632 00:22:42,720 --> 00:22:46,400 actually give them a future 633 00:22:46,400 --> 00:22:47,919 and that can draw from anywhere in 634 00:22:47,919 --> 00:22:50,559 society 635 00:22:52,000 --> 00:22:53,520 that's everything 636 00:22:53,520 --> 00:22:55,840 to give the user 637 00:22:55,840 --> 00:22:58,480 some support 638 00:22:58,720 --> 00:23:00,720 now i'm afraid i've finished a tiny bit 639 00:23:00,720 --> 00:23:02,320 earlier than i'd hoped that's because i 640 00:23:02,320 --> 00:23:04,320 got excited and ian knows what i'm like 641 00:23:04,320 --> 00:23:05,919 so i just want to finish with a couple 642 00:23:05,919 --> 00:23:07,600 of thank yous and that is very much 643 00:23:07,600 --> 00:23:09,440 thank you to the beer farmers for this 644 00:23:09,440 --> 00:23:12,159 absolutely awesome conference and to uh 645 00:23:12,159 --> 00:23:14,720 for letting me present here because this 646 00:23:14,720 --> 00:23:16,240 was something very different for 647 00:23:16,240 --> 00:23:18,240 policing to be part of 648 00:23:18,240 --> 00:23:20,640 and uh i also just want to quickly say 649 00:23:20,640 --> 00:23:22,159 thank you to all the interns and 650 00:23:22,159 --> 00:23:23,840 students that i've worked with in the 651 00:23:23,840 --> 00:23:26,400 last four years for showing me what true 652 00:23:26,400 --> 00:23:27,679 innovation is 653 00:23:27,679 --> 00:23:28,960 and just 654 00:23:28,960 --> 00:23:31,919 reminding me to think differently 655 00:23:31,919 --> 00:23:34,240 so that's it from me thank you so much 656 00:23:34,240 --> 00:23:36,000 for putting up with my waffle and i'll 657 00:23:36,000 --> 00:23:39,280 let you get back to the real speakers 658 00:23:39,679 --> 00:23:42,720 i think thank you hugely chris for 659 00:23:42,720 --> 00:23:44,559 spinning sort of the 660 00:23:44,559 --> 00:23:47,840 the viewpoint of everyone uh in that was 661 00:23:47,840 --> 00:23:49,440 in our audience and attending the talks 662 00:23:49,440 --> 00:23:51,520 today and anyone that will see that talk 663 00:23:51,520 --> 00:23:54,320 in the future um i i kind of have a 664 00:23:54,320 --> 00:23:56,559 question about like 665 00:23:56,559 --> 00:23:58,559 it it's clear that you're working with 666 00:23:58,559 --> 00:24:00,640 um you know the neurodiverse those 667 00:24:00,640 --> 00:24:03,120 different communities i think 668 00:24:03,120 --> 00:24:05,679 what's interesting is our business is 669 00:24:05,679 --> 00:24:07,520 having those conversations with you as 670 00:24:07,520 --> 00:24:09,520 well are you getting into those 671 00:24:09,520 --> 00:24:13,039 companies and saying you know i've got 672 00:24:13,039 --> 00:24:15,840 potentially um something that you should 673 00:24:15,840 --> 00:24:17,760 pay attention to or something you should 674 00:24:17,760 --> 00:24:19,919 embrace absolutely we are starting to 675 00:24:19,919 --> 00:24:21,440 see that happen 676 00:24:21,440 --> 00:24:23,360 and it's absolutely truly wonderful 677 00:24:23,360 --> 00:24:25,120 because i do believe that the only way 678 00:24:25,120 --> 00:24:27,039 that we can really start to make a 679 00:24:27,039 --> 00:24:29,279 difference for both the kids that are 680 00:24:29,279 --> 00:24:31,679 coming through our pipeline and for the 681 00:24:31,679 --> 00:24:33,120 companies that are reaching out is to 682 00:24:33,120 --> 00:24:35,440 work together we have to work smarter 683 00:24:35,440 --> 00:24:37,520 because this is a fast revolving problem 684 00:24:37,520 --> 00:24:40,000 that a sup than a siloed company can 685 00:24:40,000 --> 00:24:41,279 evolve to 686 00:24:41,279 --> 00:24:43,440 and as i've said already we've had 687 00:24:43,440 --> 00:24:45,200 kids taken into 688 00:24:45,200 --> 00:24:47,120 pen test companies we've had kids go 689 00:24:47,120 --> 00:24:49,200 through to some fantastic companies 690 00:24:49,200 --> 00:24:52,000 locally which is giving real opportunity 691 00:24:52,000 --> 00:24:53,520 for those kids 692 00:24:53,520 --> 00:24:54,960 but the great the main thing that 693 00:24:54,960 --> 00:24:58,080 happens for me is that people don't just 694 00:24:58,080 --> 00:24:59,760 see their application 695 00:24:59,760 --> 00:25:01,760 because we're able to put these kids 696 00:25:01,760 --> 00:25:03,679 into this into the companies for short 697 00:25:03,679 --> 00:25:05,840 periods of time and that work with them 698 00:25:05,840 --> 00:25:07,840 they realize that actually the 699 00:25:07,840 --> 00:25:10,000 neurodivergence or the the cultural 700 00:25:10,000 --> 00:25:11,679 difference or the gender difference or 701 00:25:11,679 --> 00:25:12,799 anything else 702 00:25:12,799 --> 00:25:15,279 really doesn't matter these kids and 703 00:25:15,279 --> 00:25:17,600 these these young people are just gifted 704 00:25:17,600 --> 00:25:19,919 individuals and they have wonderful 705 00:25:19,919 --> 00:25:22,159 viewpoints that can really enrich any 706 00:25:22,159 --> 00:25:23,679 company they go into 707 00:25:23,679 --> 00:25:25,840 but for me this is why i think the 708 00:25:25,840 --> 00:25:27,760 question doesn't come from what we can 709 00:25:27,760 --> 00:25:28,400 do 710 00:25:28,400 --> 00:25:30,480 as policing i've just done a proof of 711 00:25:30,480 --> 00:25:32,960 concept that's all we've done here this 712 00:25:32,960 --> 00:25:35,120 is not something particularly new 713 00:25:35,120 --> 00:25:37,279 but this needs to really scale up across 714 00:25:37,279 --> 00:25:39,600 the communities and start see where we 715 00:25:39,600 --> 00:25:41,279 can really enhance digital 716 00:25:41,279 --> 00:25:43,039 transformation across those companies 717 00:25:43,039 --> 00:25:45,039 that would never even see the 718 00:25:45,039 --> 00:25:48,559 opportunity for taking on an intern 719 00:25:48,559 --> 00:25:50,960 yeah you said that you you i've only 720 00:25:50,960 --> 00:25:52,799 done a proof of concept i i think you 721 00:25:52,799 --> 00:25:54,320 can actually shorten that too at least 722 00:25:54,320 --> 00:25:56,799 you've done something like i keep 723 00:25:56,799 --> 00:25:59,440 hearing about problems in the industry 724 00:25:59,440 --> 00:26:02,159 but i don't actually see the same people 725 00:26:02,159 --> 00:26:04,320 complaining there's problems trying to 726 00:26:04,320 --> 00:26:06,159 make solutions yeah or at least even 727 00:26:06,159 --> 00:26:08,960 just go here's my idea i know it's crap 728 00:26:08,960 --> 00:26:10,960 someone take it open source it do what 729 00:26:10,960 --> 00:26:12,799 you want with it you build on it build 730 00:26:12,799 --> 00:26:14,720 something and continue on 731 00:26:14,720 --> 00:26:16,720 it's just uh here's a problem write them 732 00:26:16,720 --> 00:26:18,799 off now bye okay 733 00:26:18,799 --> 00:26:20,720 let's actually try and fix it so it's 734 00:26:20,720 --> 00:26:22,240 awesome there's a lot of that around 735 00:26:22,240 --> 00:26:24,720 yeah and it's obviously if you're not 736 00:26:24,720 --> 00:26:25,840 part of the solution you're part of the 737 00:26:25,840 --> 00:26:28,400 problem right yeah and it's a i think 738 00:26:28,400 --> 00:26:30,159 it's a relevant thing to say the 739 00:26:30,159 --> 00:26:32,000 feedback has been great uh you've 740 00:26:32,000 --> 00:26:34,400 inspired somebody that's actually said 741 00:26:34,400 --> 00:26:36,559 you've inspired them so that's that's a 742 00:26:36,559 --> 00:26:37,919 that's a good outcome right i think he 743 00:26:37,919 --> 00:26:39,520 was referring to the last speaker he was 744 00:26:39,520 --> 00:26:40,880 just delayed on his text that's what it 745 00:26:40,880 --> 00:26:42,240 was yeah 746 00:26:42,240 --> 00:26:44,559 did he have an echo as well 747 00:26:44,559 --> 00:26:46,480 but definitely uh definitely aimed at 748 00:26:46,480 --> 00:26:48,720 yourself chris yeah absolutely brilliant 749 00:26:48,720 --> 00:26:49,919 and 750 00:26:49,919 --> 00:26:52,720 everybody can do more but it's great 751 00:26:52,720 --> 00:26:53,600 seeing 752 00:26:53,600 --> 00:26:54,960 it in action 753 00:26:54,960 --> 00:26:56,799 and and it being outcome driven and 754 00:26:56,799 --> 00:26:58,000 that's what everything really should be 755 00:26:58,000 --> 00:26:59,520 about when we're talking about improving 756 00:26:59,520 --> 00:27:00,880 life chances 757 00:27:00,880 --> 00:27:02,720 for individuals whoever they are we've 758 00:27:02,720 --> 00:27:04,240 seen that i was just going to say we've 759 00:27:04,240 --> 00:27:05,679 seen that 760 00:27:05,679 --> 00:27:07,440 for example one kid that came through 761 00:27:07,440 --> 00:27:09,440 looked at one of the processes being 762 00:27:09,440 --> 00:27:11,120 used by policing 763 00:27:11,120 --> 00:27:13,600 to move images across get a hash for 764 00:27:13,600 --> 00:27:16,000 that image move it across onto a file 765 00:27:16,000 --> 00:27:17,520 create a couple of documents from it and 766 00:27:17,520 --> 00:27:19,840 stick it out that was taking each copper 767 00:27:19,840 --> 00:27:22,240 around an hour and a half to do 768 00:27:22,240 --> 00:27:24,480 he automated it it took him a bit of 769 00:27:24,480 --> 00:27:26,320 automation to pull it from the sources 770 00:27:26,320 --> 00:27:27,919 and get it all hashed properly but he 771 00:27:27,919 --> 00:27:29,360 automated it 772 00:27:29,360 --> 00:27:31,840 the net saving for uk law enforcement 773 00:27:31,840 --> 00:27:34,159 was estimated to be around six hundred 774 00:27:34,159 --> 00:27:36,159 thousand pounds 775 00:27:36,159 --> 00:27:38,480 for about four months of one young 776 00:27:38,480 --> 00:27:40,159 person's work 777 00:27:40,159 --> 00:27:42,480 but this process is now this process is 778 00:27:42,480 --> 00:27:44,960 not unique to policing all the companies 779 00:27:44,960 --> 00:27:46,080 out there that are manipulating 780 00:27:46,080 --> 00:27:48,000 spreadsheets or doing payroll or doing 781 00:27:48,000 --> 00:27:49,200 all these things 782 00:27:49,200 --> 00:27:51,600 these kids can help them 783 00:27:51,600 --> 00:27:53,600 yeah i i am 784 00:27:53,600 --> 00:27:55,679 just as a camera final point for me 785 00:27:55,679 --> 00:27:58,640 i attended a talk um at b-sides 786 00:27:58,640 --> 00:28:02,000 manchester in 2017 and one of the the 787 00:28:02,000 --> 00:28:04,320 speakers was talking about and i can 788 00:28:04,320 --> 00:28:06,320 only cite the number that she used in 789 00:28:06,320 --> 00:28:08,320 her talk so that's the other basis for 790 00:28:08,320 --> 00:28:10,320 this statistic that i've got 791 00:28:10,320 --> 00:28:12,320 but she said that 792 00:28:12,320 --> 00:28:15,360 it was estimated that 42 793 00:28:15,360 --> 00:28:17,279 of the people convicted of cyber crime 794 00:28:17,279 --> 00:28:18,399 in the uk 795 00:28:18,399 --> 00:28:20,720 were neurodiverse 796 00:28:20,720 --> 00:28:23,120 and which is a high number relative to 797 00:28:23,120 --> 00:28:24,720 the per capita 798 00:28:24,720 --> 00:28:25,679 um 799 00:28:25,679 --> 00:28:27,919 so rather than just kind of look at that 800 00:28:27,919 --> 00:28:31,279 number and bemoan it has been a tragedy 801 00:28:31,279 --> 00:28:34,880 the ncsc and law enforcement uk the nca 802 00:28:34,880 --> 00:28:37,120 and all those people are actually trying 803 00:28:37,120 --> 00:28:38,000 to 804 00:28:38,000 --> 00:28:40,720 go into those environments and catch 805 00:28:40,720 --> 00:28:43,039 these kids at a young age 806 00:28:43,039 --> 00:28:45,760 and and put them on the right path 807 00:28:45,760 --> 00:28:47,120 and get them into communities are 808 00:28:47,120 --> 00:28:48,960 probably very similar people but doing 809 00:28:48,960 --> 00:28:50,240 the right thing 810 00:28:50,240 --> 00:28:52,000 before they get to that tipping point of 811 00:28:52,000 --> 00:28:53,039 being 812 00:28:53,039 --> 00:28:54,799 alone in their bedroom doing the wrong 813 00:28:54,799 --> 00:28:55,600 thing 814 00:28:55,600 --> 00:28:57,039 and i think that's fascinating i think 815 00:28:57,039 --> 00:28:58,480 not a lot of people really understand 816 00:28:58,480 --> 00:29:00,399 that that stuff goes on 817 00:29:00,399 --> 00:29:02,960 um and you've highlighted an example of 818 00:29:02,960 --> 00:29:04,720 it does go on and it's you know it's 819 00:29:04,720 --> 00:29:06,480 fantastic it happens regularly and it's 820 00:29:06,480 --> 00:29:08,480 the partnerships with companies out 821 00:29:08,480 --> 00:29:11,120 there that provide like for example 822 00:29:11,120 --> 00:29:13,600 gamified learning platforms and uh 823 00:29:13,600 --> 00:29:15,039 hacking platforms and things like that 824 00:29:15,039 --> 00:29:16,640 that work with us that allow us to then 825 00:29:16,640 --> 00:29:19,039 put that diversion tactic in but it 826 00:29:19,039 --> 00:29:21,840 needs to be better 827 00:29:21,840 --> 00:29:22,640 yeah 828 00:29:22,640 --> 00:29:24,399 there are other programs overseas i mean 829 00:29:24,399 --> 00:29:25,919 i want to actually give them a shout out 830 00:29:25,919 --> 00:29:26,880 because they're basically in the 831 00:29:26,880 --> 00:29:28,559 netherlands they're doing they're doing 832 00:29:28,559 --> 00:29:31,440 similar-ish stuff it's called hack right 833 00:29:31,440 --> 00:29:34,720 they're fantastic and just the idea of 834 00:29:34,720 --> 00:29:36,720 trying to get 835 00:29:36,720 --> 00:29:39,120 kids who are bored to do the right thing 836 00:29:39,120 --> 00:29:40,960 and actually help help policing help 837 00:29:40,960 --> 00:29:42,080 businesses 838 00:29:42,080 --> 00:29:44,559 help you keep people safe yeah that's 839 00:29:44,559 --> 00:29:46,960 that's awesome 840 00:29:46,960 --> 00:29:48,960 there it is 841 00:29:48,960 --> 00:29:50,399 all right well we're gonna say goodbye 842 00:29:50,399 --> 00:29:52,000 to chris goodbye chris thanks for having 843 00:29:52,000 --> 00:29:54,320 me guys