Outgoing Director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly sits down with WIRED Senior Writer Lily Newman to discuss the challenges on the horizon for U.S. cyberdefense, the successes of her time at the helm of the crucial agency, and the business left unfinished as CISA's entire fate hangs in the balance under President Trump.
Director: Justin Wolfson
Director of Photography: Eric Bugash
Editor: Michael Penhollow
Host: Lily Newman
Guest: Jen Easterly
Line Producer: Joseph Buscemi
Associate Producer: Brandon White
Production Manager: Peter Brunette
Production Coordinator: Rhyan Lark
Camera Operator: Rob Klein
Sound Mixer: Todd Burger
Production Assistant: Will Hoffinger
Post Production Supervisor: Christian Olguin
Post Production Coordinator: Rachel Kim
Supervising Editor: Doug Larsen
Additional Editor: Paul Tael
Assistant Editor: Justin Symonds
Director: Justin Wolfson
Director of Photography: Eric Bugash
Editor: Michael Penhollow
Host: Lily Newman
Guest: Jen Easterly
Line Producer: Joseph Buscemi
Associate Producer: Brandon White
Production Manager: Peter Brunette
Production Coordinator: Rhyan Lark
Camera Operator: Rob Klein
Sound Mixer: Todd Burger
Production Assistant: Will Hoffinger
Post Production Supervisor: Christian Olguin
Post Production Coordinator: Rachel Kim
Supervising Editor: Doug Larsen
Additional Editor: Paul Tael
Assistant Editor: Justin Symonds
Category
🤖
TechTranscript
00:00At the end of the day, this is really a world where a major conflict in Asia,
00:04the potential invasion or blockade of Taiwan by the PRC,
00:07could have very real consequences here in the U.S.
00:10You could see pipelines being affected, water being affected,
00:15telecommunications being severed.
00:17Wired sat down with outgoing CISA director Jen Easterly
00:20to talk about her time in Washington and the future of U.S. cybersecurity.
00:24This is The Big Interview.
00:30Hi, Jen.
00:33I'm so happy to be here with you.
00:36You're in your last days as the director of CISA.
00:40How are your last days feeling?
00:41Well, it's bittersweet, of course.
00:43This has been the best job I've ever had and the best team.
00:48And every day it's been a privilege to come into work here.
00:52So it's a little bittersweet to be leaving.
00:54But I feel really, really good about everything that we've been able to do.
00:59Of course, there's a lot of unfinished business.
01:01But I think we have set a good path for the incoming team.
01:06I know my team is excited to continue to drive forward
01:10on the many priorities that we've set.
01:12But, you know, all good things come to an end.
01:13And looking forward to next adventures.
01:16And you've been here three and a half years, right?
01:19Yeah, I came in.
01:19I was nominated in April, confirmed in July.
01:23So over three and a half years.
01:24And then I was actually part of the transition team.
01:27I was the cyber policy lead when I was still at Morgan Stanley.
01:30So was working these issues early on.
01:33And in fact, when I was the cyber policy lead, it was during the solar winds.
01:36So that was a very interesting incident to observe,
01:40both from being in the private sector,
01:42but also being part of the transition team to see how far we could come.
01:47And frankly, how far we have come with respect to being able to secure
01:51the .gov, the Federal Civilian Executive Branch.
01:54And so that was a useful sort of marker for me.
01:58That must have been a really interesting vantage point
02:01and a good learning experience.
02:02I didn't realize that that was exactly the timing of when you came in.
02:05Because, you know, one thing we're going to talk a lot about you and your tenure.
02:09But one thing I wanted to bring up that I'm sure it's top of mind for everyone
02:13and I'm sure is something you've been engaged with is revelations recently
02:18about Chinese espionage and hacking in U.S. telecoms.
02:22So I'm interested to know what you observed in that other situation,
02:26which was obviously Russian hackers, you know, a different situation.
02:29But how were the lessons learned there then applicable
02:33with the work you all are doing now in this response?
02:36Well, certainly what we saw in December of 2020,
02:40with the revelations about the intrusions into federal government networks,
02:45as well as businesses around the world,
02:47was a pretty sophisticated supply chain espionage operation.
02:52And off the back of that,
02:54there were a lot of things that were put in place in 2021
02:56to include through the Executive Order 14028,
03:00where a lot of the responsibilities came to CISA.
03:03There was also some money that came to CISA
03:05through the American Rescue Plan Act.
03:07And I would say the bumper sticker was to finally allow CISA
03:11in our role as America's cyber defense agency
03:14and as the national coordinator for critical infrastructure,
03:17resilience and security to manage the .gov as an enterprise,
03:21not as a disparate tribe of 100 separate departments and agencies.
03:27So what we've been able to put in place across the so-called FSEB,
03:32the .gov over the past three and a half years
03:34has given us enormous visibility that we never had before
03:39and has allowed us to detect intrusions much more rapidly
03:42to be able to remediate them
03:44and to get ahead of future intrusions
03:47by understanding from an analytic perspective
03:50what exactly is happening on the .gov
03:53and then frankly using that information
03:55to be able to enrich our work with critical infrastructure
03:59because all of our networks are connected,
04:02they're vulnerable in many ways.
04:04And so understanding and enriching what we know
04:06from what we see on the .gov
04:09to what we see in critical infrastructure
04:10has also been a really important evolution.
04:13With respect to China, as you know, Lily,
04:16we've been talking about this for years.
04:19Years.
04:21The big thing for me that changed,
04:23because certainly I've been doing cyber for a very long time,
04:26we were always very focused on the PRC
04:30with respect to espionage campaigns
04:32and data theft and intellectual property theft.
04:35And we're certainly seeing that now
04:37with the so-called salt typhoon campaign
04:40with intrusions into our telecommunications infrastructure.
04:43But the big thing for me was seeing intrusions
04:48into our critical infrastructure, not for espionage,
04:51but rather specifically for disruption and destruction.
04:55And we've talked a lot about that.
04:57I testified earlier this year.
04:59But at the end of the day,
05:00this is really a world where a major conflict in Asia,
05:04the potential invasion or blockade of Taiwan by the PRC
05:07could have very real consequences here in the U.S.
05:10You could see pipelines being affected,
05:13water being affected, telecommunications being severed,
05:16rail lines, power, exactly.
05:19And that is all part of a very deliberate effort by China
05:23to incite what they call societal panic
05:26and to deter our ability to marshal military might
05:30and citizen will.
05:31This is all part of a very deliberate campaign.
05:33And that's why we have been so laser focused
05:36leveraging our technical talent at CISA
05:39to be able to work with the private sector
05:41to identify and eradicate these types of actors
05:44from their networks to provide mitigation and hunting,
05:47guidance, hardening guidance
05:49in what we just put out for telecommunications,
05:51guidance on how to communicate securely.
05:54You saw that in some of our recent guidance
05:56on end-to-end encryption, encrypted communications,
05:59which is really important.
06:00And then to work through mechanisms
06:03like our Joint Cyber Defense Collaborative
06:05that we stood up in August of 2021
06:07to work with a wide variety
06:09of those critical infrastructure sectors,
06:12power, telecommunications, aviation, transportation,
06:15to ensure that we have a common picture of the threat
06:19and that these entities know what they need to do
06:21to reduce risk.
06:22I think one of the most important things,
06:24and you and I have talked about this before
06:26vis-a-vis Ukraine when we did a panel together
06:29with Victor Zora of the Ukraine Cyber Defense Agency
06:33is really the importance of resilience.
06:35It is gonna be extremely difficult
06:38to prevent disruption in a scalable way.
06:41And so we have to prepare for it.
06:43We have to acknowledge that disruption may occur,
06:46but the way that we train our people,
06:48how we exercise, how we architect our systems
06:51needs to enable us to detect, respond,
06:54and then recover so that we can mitigate the downtime
06:57for critical infrastructure services
07:00that are necessary for the American people.
07:02Do you think the espionage operations
07:05are getting too much focus
07:07and that actually there needs to be more focus
07:10on this critical infrastructure infiltration,
07:15that activity is tracked under this group Volt typhoon?
07:18Is there maybe what folks are talking about
07:21in the public sphere is different than the focus
07:23at an agency like CISA or what's the balance?
07:26Yeah, I mean, we are very focused overall
07:29on PRC cyber actors,
07:31whether they're the so-called salt typhoon
07:34focused on espionage, whether it's Volt typhoon
07:37focused on disruption and destruction,
07:39we are focused on working with our federal partners,
07:41with our industry partners to be able to identify
07:44these actors and intrusions,
07:45eradicate them and harden our networks.
07:48I think we should not get too down the rabbit hole
07:51on is it salt, is it flax, is it Volt?
07:54At the end of the day, China,
07:56as we've seen in assessments from the intelligence community
07:59is the most formidable, persistent cyber threat
08:02that we are dealing with, that we will deal with.
08:05And it's why, frankly, very early on when I got here, Lily,
08:10I felt I needed to get what are the big ideas, right?
08:13You're leading a federal agency,
08:15a fairly new federal agency,
08:16one that's been through a huge effort to organize it,
08:20one that's just been out after a pandemic,
08:23a contentious election.
08:24So what are the big ideas
08:25to build America's cyber defense agency?
08:28And that was all about how do we catalyze
08:31and mobilize collaboration,
08:33collaboration with industry, with international partners,
08:36with state and local partners,
08:37and to do it in a way that's not the old hackneyed,
08:40stale public-private partnerships
08:42where you go meet once a month
08:44and share secret level information.
08:46It's really ongoing, real-time work together
08:50with a recognition that if you're critical infrastructure,
08:53a threat to one is a threat to many
08:55given the interdependence of networks.
08:57It's also a recognition that the federal government
09:00has to be responsive, has to be transparent,
09:02has to add value.
09:03That was very much informed by my time at Morgan Stanley,
09:06and that you really needed these scalable platforms.
09:09So the collaboration piece,
09:10the fact that big corporations
09:13needed to recognize this threat
09:15as a existential business risk,
09:18one that they needed to prepare for
09:20and really manage not as something
09:22that the IT folks deal with,
09:24but manage as a matter of good governance.
09:27So this idea of corporate cyber responsibility,
09:29because as you know,
09:30the vast majority is owned by the private sector.
09:32They are now on the front lines.
09:34They are in the front lines of the cyber fight.
09:36So they have to recognize
09:38that they have a really important role
09:40in managing that cyber risk
09:42and working with the agencies
09:44to help us mitigate that risk.
09:45So this whole idea of corporate cyber responsibility.
09:49The other one was cyber civil defense.
09:51My friend Craig Newmark talks about this,
09:53but I love to think about this
09:54in our campaign for Secure Our World.
09:56The whole idea is make cyber hygiene
09:58as common as physical hygiene,
10:03washing your face, brushing your teeth.
10:05That's the whole campaign inspired by Schoolhouse Rock
10:09that we did a whole music video.
10:11The idea is you want to make cyber sexy and cool,
10:16not something that's scary,
10:17because if people are scared by things,
10:19then their brain shuts down.
10:21Make it cool, make it fun, make cyber sexy.
10:24That's been one of the things I've been driving towards.
10:27And then the last thing is secure by design.
10:28And that's make cyber sexy, make technology safe.
10:32For decades, we've accepted a world
10:34where technology has been delivered to us
10:37full of vulnerabilities.
10:39And so we've spent time glorifying the villains
10:42and blaming the victims.
10:43We have to now hold vendors accountable
10:46for designing and developing and testing
10:48and delivering software and technology
10:51that is specifically focused on driving down
10:53the number of exploitable flaws.
10:55So you think about those big ideas,
10:57and that's what we've been driving towards.
11:00Again, a lot of unfinished business.
11:02But when you think about the continued ransomware attacks,
11:04when you think about the continued attacks from China
11:07that we can expect to continue,
11:09these are not exotic attacks.
11:11These are attacks that are using,
11:14for the most part, known vulnerabilities.
11:17And so ensuring that the tech that we rely upon
11:21is as secure as possible is incredibly important as well.
11:26And I wanna ask you more about holding vendors accountable,
11:29but tying into the other thing you were saying
11:32about public-private partnership
11:34and developing that rapport has been concerning
11:38to see how difficult it seems to have been
11:41for the telecoms to eradicate the Chinese hackers
11:44from their networks and to be certain or be very confident.
11:47Has there been progress on some of those things
11:51that you're talking about in terms of being able
11:53to have that transparency and insight
11:57into what's actually going on?
11:59Yeah, it's a really important question.
12:01So after the revelations of these breaches,
12:04we stood up what's called a Unified Coordination Group,
12:07which brings together the federal agencies,
12:09CISA, FBI, the intelligence community.
12:12We are focused on the response.
12:15So we're responding, FBI is going after,
12:19they're investigating, going after potential threat actors.
12:21The IC, folks like the National Security Agency
12:24are using what we see in the intelligence
12:27to understand the extent of this intrusion
12:30by foreign actors and we're coming together
12:32to work with those known and suspected victims.
12:35And so we've been doing that for months now.
12:38I understand that some of the victims
12:41have talked about being able to remediate these threats.
12:44And I think that that's gonna be a long-term effort.
12:47I mean, this has unfortunately been out in the press a lot.
12:50And anything that gets out there
12:54has the downside of having adversaries change their tactics.
12:58So while I think the transparency to consumers is important,
13:01it also makes it more difficult
13:03to then find these actors within the network.
13:06So while they're using known defects
13:08and technology to get in,
13:10once they're in, they are hard to find.
13:12And in fact, CISA, and this is one reason
13:14I'm so proud of the incredible technical talent
13:18of our team, it's one of the few agencies
13:19in the government that have been able to find
13:21both Volt Typhoon within critical infrastructure
13:24as well as Salt Typhoon.
13:26And in fact, it was our work to find Salt Typhoon
13:29that then led to law enforcement being able
13:33to identify virtual private servers
13:35that were being leased by the adversaries.
13:38And then that unraveled the wider campaign.
13:40And that's just an example of some of the things
13:42that we're doing that have helped improve our ability
13:45to manage the security of the .gov.
13:47But this is a long-term effort, frankly,
13:51and I don't expect it to be remediated in the short term.
13:54That's why at the end of the day,
13:55we need to focus on resilience.
13:57On the telecommunications infrastructure more broadly,
13:59we have to understand that comms,
14:02just like my point on software and technology,
14:05these systems were basically architected
14:07for speed and efficiency.
14:09They weren't built with security as top of mind.
14:13Security is in many ways in telecommunications
14:15and other aspects of critical infrastructure
14:17has been bolted on because at the end of the day,
14:20a lot of this technology was developed for speed,
14:23for driving down costs, for cool features.
14:25Security was an afterthought and a bolt-on,
14:27and that's why we have a cybersecurity industry
14:30and jobs like mine.
14:31So when I talk about the story of cybersecurity,
14:35I actually wanna work myself out of a job.
14:37I want to envision a future where ransomware
14:41is a shocking anomaly,
14:43where damaging software vulnerabilities
14:45by nation state actors are as infrequent as plane crashes.
14:50A world where the technology that we've come to rely on
14:53every hour of every day is first and foremost secure
14:58so that we can believe in what we are using
15:03and what is driving, empowering our daily lives
15:05as something that is safe for ourselves,
15:08for our families, for our small businesses.
15:09And that's the work that we've been catalyzing.
15:12There's much more work to do,
15:14but I think we have laid out a roadmap.
15:16And the most important thing
15:17about getting those big ideas right
15:19was before we were able to put any of that into play
15:22was we had to have the right talent and the right culture.
15:26You know, starting from day one, frankly,
15:29it was making sure that we could retain the talent we have
15:32and then hire some of the incredible world-class talent
15:35that has been able to find these threat actors,
15:38help to eradicate and evict them,
15:40and then to ensure that we are working collaboratively
15:43with our partners to help them drive down risk
15:47to the critical infrastructure Americans rely on.
15:49When you were talking before
15:51about how in the wake of solar winds,
15:53you know, there were opportunities for CISA
15:55to expand its funding, its powers.
15:58Do you feel like the agency has the levers of control
16:02now that it needs to do its work?
16:04We are much bigger than when I started
16:07in terms of number of people.
16:09We're about 3,400 people.
16:11We've hired over 2,100 people since I came on board,
16:15which is pretty incredible when you think about the talent
16:18that is very mission-driven,
16:20but they could go get paid a lot more money
16:21in the private sector.
16:22So we're really proud of that.
16:24Our budget is nearly $3 billion.
16:26We have much more authorities
16:28to include some of the authorities
16:30we got out of the Cyberspace Solarium Commission,
16:32like the Joint Cyber Planning Office,
16:35which we made the Joint Cyber Defense Collaborative,
16:38like our ability to persistently hunt on federal networks
16:41that has allowed us to discover things
16:43like the Salt Typhoon campaign that I mentioned.
16:46So I think we are in great shape right now.
16:51What I would just tell my successor,
16:55first of all, you're inheriting the best job in government,
16:58but I would also say, look,
16:59we are America's cyber defense agency.
17:01When you compare our size to the law enforcement agencies,
17:05the investigative agencies, or the intelligence agencies,
17:08we are much smaller,
17:09but I think we punch far above our weight.
17:13The magic of CISA is the fact
17:15that we are a partnership agency, a voluntary agency,
17:19and everything we do is rooted
17:23in being able to catalyze trusted partnerships.
17:26And so it's not authorities to force compliance
17:29or enforcement.
17:30We're not a regulator.
17:31We're not a military agency.
17:33We don't collect intel.
17:35We don't do law enforcement.
17:36Everything we do is by, with, and through partners,
17:38providing no-cost services and capabilities
17:40to enable critical infrastructure entities
17:42to manage and reduce risk.
17:45And I'm really proud of where we are,
17:47but there's much, much more work to be done.
17:50And do you think the new administration
17:53will be supportive of that?
17:55On the one hand, in his first term,
17:57President Trump was actually the one
17:59who elevated CISA to be an agency,
18:02you know, a full-fledged agency.
18:05But on the other hand, there've been some comments
18:07that make it seem like perhaps his administration
18:11is no longer sort of putting a priority
18:13on the mission of the agency.
18:15So are you concerned about that?
18:17You know, I'm not concerned about it.
18:19I think anybody that takes a hard look
18:21at what CISA is, the talent that we have,
18:24what we have accomplished over the last several years,
18:28will appreciate the value that we bring
18:30to the American people.
18:31And CISA success is the success of the American people.
18:35It's national security.
18:36And, you know, while I know there's been a lot
18:38of discussion of politics and partisanship,
18:41at the end of the day, cybersecurity,
18:43critical infrastructure security,
18:45is not a political issue.
18:46It's not a partisan issue.
18:48And the American people understand that.
18:51And, you know, I grew up in a world
18:54where we didn't think at all about politics.
18:56I was a military officer.
18:57I worked for President George W. Bush, President Obama,
19:01now President Biden.
19:02I am never driven by politics.
19:04I'm driven by mission.
19:06And I think that is very much the spirit
19:08and ethos of folks within CISA.
19:12We are very focused on driving down risk
19:14to the American people.
19:15If you just look at, for example, the elections.
19:18You know, the elections,
19:19when election infrastructure was designated
19:21as critical infrastructure in 2017,
19:23that really was a no-trust environment.
19:28The states didn't want the federal government
19:30at all involved in elections,
19:32which are run by state and local officials.
19:35And it took a lot of work by my predecessor
19:37and that team, and now my team,
19:40to move from a no-trust, low-trust environment
19:43to a pretty high-trust environment.
19:46I mean, one of the things that I'm most proud about
19:48over the past several months was our work
19:50with election officials across the country,
19:52you know, to include some very conservative
19:55Republican secretaries of state,
19:57spending time with Dave Scanlon up in New Hampshire,
19:59with Phil McGrain in Idaho.
20:01And then we spent time
20:03at the Midwest Election Security Summit
20:05with Bob Evnan of Nebraska,
20:08Scott Schwab of Kansas,
20:10Paul Pate of Iowa,
20:11Jay Ashcroft of Missouri,
20:13Monet Johnson of South Dakota.
20:15And so this really shows people out in America
20:19where the work actually happens,
20:23look at us as an agency that is there to help.
20:27I think one of the things
20:28that's been really important, Lily,
20:30is we have put an enormous amount of effort
20:34into building our field force
20:36as we've grown those 2,200 hirees.
20:39We've built hundreds in our force
20:42of cybersecurity advisors, physical security advisors,
20:45who are out in every state
20:47to work with critical infrastructure,
20:50owners and operators, businesses large and small,
20:53election officials, state and local officials.
20:56And these are folks from those areas.
20:58So while you may not trust the federal government
21:02if you're sitting in a state somewhere,
21:06a very conservative state,
21:07you trust your cybersecurity advisor
21:09who you've known for years and years.
21:12And so that comes with sort of a built-in ability
21:14to build those relationships.
21:16So I'm very aware people don't trust institutions,
21:19people trust people.
21:22And it's why everybody in CISA is very focused
21:26on not only having the technical talent
21:29to enable us to understand and reduce risks,
21:31but to build collaborative partnerships.
21:36It's about developing those relationships
21:40to allow us to work together,
21:42to reduce risk to the nation.
21:43And frankly, it's why I've been all over the world,
21:46all over the country to help us build that trust,
21:51catalyze that trust, advance those partnerships
21:54in a way that we can work together
21:56for the collective defense of the nation.
21:58Let's say this, defense is hard, right?
22:02We know that.
22:03And when you were talking about
22:06holding vendors accountable,
22:08wanting to make these exploitable vulnerabilities,
22:12you know, a plane crash,
22:14once in a blue moon rather than so common,
22:18are we getting there on that?
22:20It feels like on endpoints,
22:23in some ways there has been a lot of progress
22:25on that type of detection,
22:28but then things move to the periphery,
22:30they move to network devices,
22:32cloud, the ongoing need for account hygiene
22:36and account security.
22:38So are we winning?
22:40Can you win at defense?
22:44Do you worry about that?
22:45You're right, defense is hard.
22:47I say that as the America's cyber head goalie.
22:50And that's why it has to be a team,
22:52because you need all those levers of power.
22:54As much as we work to hunt for and eradicate Chinese actors
22:58and work with critical infrastructure to build resilience,
23:00our partners need to hold those actors accountable
23:05and to be able to hold our adversaries at risk,
23:07whether that's through offensive cyber capabilities,
23:10whether that's through indictments or sanctions.
23:12And so that's when we talk about cyber as a team sport.
23:16But yes, we're on the defensive side and it's a challenge.
23:20I think we are making progress.
23:22We have seen when we launched this Secure by Design campaign,
23:26I like to call it the revolution,
23:28but at the end of the day,
23:29this has been something
23:30that there've been thought leaders talking about
23:32for years and years and years.
23:33We wanted to give it a platform
23:35that was really highlighted
23:37by some of my fantastic technical experts
23:40started working on this,
23:41talked about it first in November of 2022,
23:43then launched it at Carnegie Mellon
23:45in a big speech in early 2023,
23:47and then came together with our federal partners,
23:50with international partners
23:51to start laying out the key principles
23:52for Secure by Design.
23:54Later that year,
23:54we locked arms with our international partners,
23:57but importantly,
23:58we worked very closely with technology vendors.
24:00And you saw that in the pledge that we launched at RSA,
24:03started out with 68 technology vendors,
24:05now we're over 260.
24:07And these are vendors who voluntarily committed
24:10to make significant and measurable progress on key areas,
24:14whether that's enabling of multi-factor authentication,
24:16reducing default passwords,
24:17moving towards memory safety.
24:19And several of them have already started publishing
24:22progress that they've made.
24:23And look, at the end of the day,
24:25these technology vendors want to create safe products.
24:29It's just decades and decades
24:31where it hasn't been a priority.
24:33It's been driving down costs,
24:35it's been features,
24:36it's been speed to market for competition.
24:39And so I think we really have seen
24:41vendors grasping onto this.
24:43You remember Ralph Nader wrote this bestselling book
24:45in 1965, all about car crashes.
24:50Cars were not focused on being safe.
24:52And I talk about Secure by Design
24:55as unsafe at any CPU speed.
24:57And you think about from 1965,
24:59I think it wasn't until 1983
25:02when the first state mandated use of seatbelts.
25:05So it took a long time.
25:08But what I'm excited about, Lily,
25:11is I think we can get there quicker.
25:14GPU speed.
25:15Yes, maybe GPU, exactly, exactly.
25:18You're going in my, you're speaking my language, sister.
25:21So it's AI.
25:23I think we can use the incredible power of AI,
25:25and that's why we've been so excited
25:27about how do we use generative artificial intelligence
25:30and large language models for cyber defense.
25:32So when you think about, for example,
25:34not to geek out on you too much,
25:36when you think about,
25:38when you think about two thirds of software vulnerabilities
25:41are memory safety vulnerabilities, right?
25:44So buffer overflow or use after free vulnerabilities.
25:48And when you think about SQL injection,
25:50if you can drive down,
25:52if you can move from memory unsafe to memory safe,
25:55so moving from C and C++ to things like Rust,
25:58refactoring that code can drive down
26:00the number of software vulnerabilities.
26:03And so I'm excited about how fast this is moving.
26:08I want to make sure that these capabilities
26:10are built to also be secure by design.
26:13And so we've been extending what we've been working on
26:15in software into AI,
26:17and that's been a huge effort and a lot of fun, frankly,
26:21under the leadership of our chief AI officer.
26:23But just think about using these capabilities.
26:25This can accelerate our ability
26:27to get to a secure by design future.
26:30And what does that mean?
26:31It doesn't mean perfect cybersecurity.
26:33We're never going to get to perfect cybersecurity,
26:35but what we can get to is a technology ecosystem
26:39that is much safer, much more secure,
26:41and frankly, defensible.
26:42So driving down the number of exploitable defects,
26:45exploitable flaws,
26:47that can really be accelerated by the use of generative AI.
26:51So I'm super pumped about that.
26:53So I have to ask you, there's rumors.
26:56Are you or are you not going on tour
26:59when you leave Cisco?
27:01You know, I certainly hope to be.
27:04You and I actually met over a mutual friend,
27:07Meryl Goldberg, you wrote a fantastic article
27:10about her time in a Klezmer band
27:12and being in the Soviet Union and encoding music.
27:14And she and I ran into each other in the green room at RSA.
27:17And I saw these instruments, a saxophone,
27:20and I was like, oh my gosh, what's happening?
27:21And that started this wonderful friendship.
27:24We have bonded over music.
27:25I played piano and guitar when I was young,
27:27but I really started with electric guitar
27:29when my son started taking it up during COVID.
27:32Oh, there you go.
27:33And it's been the thing that has,
27:35because I love all kinds of music.
27:36That's what's behind the Joint Cyber Defense Collaborative.
27:39But I started taking up electric guitar
27:40and that has become my passion, my obsession.
27:43And as we were really focused on election security
27:46over the past couple of months, I wasn't able to practice,
27:49but now I'm getting back to it.
27:52So I hope my big post-retirement plan
27:54several years from now is to start this bar,
27:58to have a band, we're gonna do magic,
28:01we're gonna do improv, I'm gonna be the bartender.
28:04Is there gonna be a cyber tie-in or?
28:07Well, there'll always be some cyber tie-in.
28:10You know, my team, I really wanted to start my own podcast
28:14in this job called Bourbon and Bites,
28:16because I'm a big old-fashioned fan,
28:18but they didn't like the whole bourbon thing.
28:21So there could be some podcasting from the bar.
28:25There you go, okay.
28:25But, you know, cyber will always be a part of my life,
28:30no matter what I do, something I've done forever,
28:33and I'm very passionate about the importance
28:36of ensuring that we secure our world
28:40for everybody from K through gray.
28:43And, you know, it's one of the things
28:44that's been motivating me to make cyber sexy
28:47and make tech safe.
28:48Will there be Rubik's Cubes at every table in the bar?
28:51There will be Rubik's Cubes.
28:52You know, I'm also sort of obsessed with the Rubik's Cube.
28:56And I think, we might've talked about this before,
28:59but so this is actually a SysaCube.
29:02And I like to think of it as a kind of a magic cube,
29:05but let's see here.
29:07There we go, all right.
29:08So there we go, solve the SysaCube.
29:10But I love this thing because when I was 11,
29:14these things were introduced into the world
29:17and I was a huge puzzler and a video game person
29:19and I became obsessed with it, learned how to solve it.
29:21And then I would go to toy stores and say,
29:24you know, I was this little kid with pigtails.
29:26If I can solve this in less than two minutes,
29:28will you give me a free one?
29:30So I was able to amass this whole.
29:32The whole trove.
29:33And the reason I love it is because Erno Rubik,
29:35who invented the thing, talked about,
29:38if you are curious, you will find the puzzles around you.
29:42And if you are determined, you will solve them.
29:45And when I think about the type of incredible
29:47technical talent that we have here at Sysa,
29:50you think about the intellectual curiosity.
29:52It's the hacker mindset, it's the problem solver,
29:54but it's the determination, the relentless drive
29:58to solve the most complicated problems out there.
30:01And that's sort of symbolized in the Sysa cube.
30:06Well, it's really a pleasure to talk to you.
30:08You as well.
30:09Thanks so much for joining us.
30:10Thank you as well, Lily.