Amy Chang, a resident senior fellow for Cybersecurity and Emerging Threats at the R Street Institute, has many tough problems to consider, from election security to adversarial AI attacks to the geopolitical implications of cyberwarfare. In a world rife with hot takes, she pursues a balanced approach to answering these weighty issues—nothing is an assumed outcome.
Amy Chang, a resident senior fellow for Cybersecurity and Emerging Threats at the R Street Institute, has many tough problems to consider, from election security to adversarial AI attacks to the geopolitical implications of cyberwarfare. In a world rife with hot takes, she pursues a balanced approach to answering these weighty issues—nothing is an assumed outcome.
In this episode of WE’RE IN!, Amy provides insights into the potential cybersecurity policies of both the Trump and Biden administrations after the next presidential election, and how AI has the potential for more than just super-powered hacking. In a recently published paper, she and a colleague detailed consequences like inaccurate medical diagnoses or even manipulation of financial markets.
Listen to hear more about:
The role of cybersecurity in the innovation race between China and the U.S.
The effectiveness of “name and shame” tactics more than a decade after the release of Mandiant’s landmark APT 1 report
Why bipartisan support for cybersecurity measures may not equate to trust in the election security space
[00:00:00] Blake: So Amy, thank you so much for joining me on the podcast.
[00:00:03] Amy: so much for having me.
[00:00:04] Blake: So you're a resident senior fellow for Cybersecurity and Emerging Threats at the R Street Institute. And for listeners maybe unfamiliar with the R Street Institute, that's a nonpartisan think tank that weighs in on a whole wide range of issues from criminal justice reform to critical infrastructure cybersecurity. So what can you tell me about your work at R Street and what research is coming around the bend?
[00:00:26] Amy: Sure. Um, so R Street they have about, I think there are seven functional areas. I'm at, in the Cybersecurity and Emerging Threats team, and our program is generally split between two areas of work. One is on Cybersecurity and Emerging Threats. And the other being data privacy and security.
[00:00:44] A core focus of our team is examining cybersecurity issues as they pertain to how to think about them, how policy makers could legislate or think about regulating cybersecurity. Um, as well as like, uh, emerging threats such as, well, not threats necessarily, emerging technologies that have the potential to manifest into threats.
[00:01:07] Artificial intelligence, quantum computing and things like that. One area that we're focusing on, um, very deeply lately is the nexus between artificial intelligence and cybersecurity. I think we hear a lot about how AI could potentially lead to doom and gloom type scenarios, but what we want to do in our program is also highlight how AI can benefit cybersecurity and how we can embrace its many applications in security.
[00:01:41] Especially as a lot of malicious actors seek to, to leverage AI for whatever, um, malicious ends they have. So we have a cybersecurity and AI working group, which is a 15 member working group that was meeting monthly. We just wrapped up, to explore cybersecurity and AI, uh, with members from academia, civil society, industry, and the Hill. So we covered a number of topics from beneficial uses of AI to cybersecurity, to safeguards for AI, understanding the risks that AI may have on cybersecurity, as well as the risks to the, the AI systems themselves. And right now we've already put out a few publications, but now we're working on providing policy recommendations for guiding future innovation in this space.
[00:02:27] And finding like appropriate frameworks and tools to bring the best parts of AI to society.
[00:02:33] Blake: Taking the temperature of that working group that you, sounds like you participated in, you know, AI of course is all the rage right now. And I think there's this somewhat academic debate going on of whether it's more of a boon for attackers than defenders. Where did you get a sense that the group fell and where do you fall? Do you think that AI is going to be, more of a benefit than a risk? Or at least in the short term, could it be more of a risk than a benefit?
[00:02:54] Amy: I think that it really depends on the day and the application and what people have in mind. I think it can go either way. I just as much as the advent of the internet had created a wonderful place to convene people to talk about interest in like, you know, share cat pictures and stuff like that has.
[00:03:12] Blake: were the days.
[00:03:13] Amy: Yeah, exactly. Exactly. And then, you know, uh, devolving into stealing everyone's data and selling it for, and, and trying to conduct identity fraud, which I actually was a victim of, um, on Sunday. Yeah. But, um, yeah, um, well, lock down your credit guys. Change your passwords.
[00:03:34] Blake: Don't tell me somebody tried to apply for a line of credit under your That's such a pain to get out. I know several friends who've had that happen. Toys R Us credit card, suddenly 500 of expenses, and just next thing you know it's a months long battle. Oof.
[00:03:49] Amy: Oh, totally. Yeah. And I think, you know, not to go off too far on a tangent, but I think the, the, the, the tough part about this is that you don't have control over where your data is leaked. Yeah. uh, organizations that have improper security standards in place, potentially, that, you know, lead to breaches and then your information gets sold and it's really out of your control at that point.
[00:04:11] Blake: Politically, the R Street Institute, you know, lean center right. But I would posit that on cybersecurity, really, the think tank is pretty squarely in the middle of the road. And how more broadly do you navigate the politics of cybersecurity? Is that a bipartisan issue? Or is it starting to slip into something else?
[00:04:29] Amy: Yeah, I think there remains a significant bipartisan recognition of the importance of cybersecurity, especially in regards, if we're talking about, you know, thorny topics such as, you know, even safeguarding democratic processes, securing critical infrastructure, um, as well as also ensuring personal privacy of US citizens.
[00:04:50] I think that there are definitely specific policy proposals that, result in, in partisan disagreements. But I think the broader goal of enhancing cybersecurity resilience continues to enjoy bipartisan support. I think that you're finding more and more elected officials really understanding the importance of, of cybersecurity, whether it be, you know, from a personal level all the way up to, you know, a government, uh, organization systems wide level. There are definitely thorny topics. I think, uh, election security, uh, in particular has introduced a lot of, a lot of political challenges, especially the increasing politicization of elections, election related security issues, such as, you know, the, the presence or, uh, non presence of foreign interference, as well as how the United States should respond to that foreign interference, the security of our voting systems, and the potential conduct of voter fraud using cyber security means, or sorry, cyber means, and then, uh, the role of the federal government in, assisting with election security, I think is another is another issue.
[00:05:59] Blake: Speaking of election security, we are in, of course, a big election year here in the U. S. and it's officially a Biden Trump rematch. What do you expect would be the biggest impact to cyber policy if Trump won? And vice versa, if Biden won a second term, would we see any major shifts or would you expect any big policy moves to come from a second term Biden administration?
[00:06:22] Amy: Yeah, I'll, um, I'll tackle each presidential candidate separately. I think, um, if, uh, Trump were to win the presidency again, I think that we would see a lot of, the same cyber policies and approaches as we observed during his previous term, um, which would be, I would say reduced, uh, like maybe four, four major things.
[00:06:44] Um, the first one being probably a reduced emphasis on international cooperation. During the Trump administration, I think they closed off, um, I think it was the State Department Cyber Coordination Office, which later during the Biden administration, reintroduced under like a cyber diplomacy office.
[00:07:07] The Trump administration has, has always been pretty skeptical of multilateralism and international cooperation, especially as it may be a pertains cybersecurity issues as well, typically preferring a more unilateral approach to these types of issues. So, that's one thing.
[00:07:24] I think uh, they will continue to focus on economic espionage and intellectual property theft. And, particularly as it, as it has stemmed from, from China. I think if you saw a second Trump term, you would find continued efforts to address these threats through a combination of diplomatic pressure, economic sanctions, law enforcement actions, or even just, you know, statements coming from the president himself.
[00:07:52] Third one being probably a confrontational approach, uh, to diplomacy and kind of the skepticism of, uh, of the Trump administration in international institutions, as well as other alliances that the United States historically has had, that could contribute to, an erosion of trust among allies and partners in the realm of cyber security in particular, which could potentially impact, the ability to coordinate responses to shared cyber threats and potentially vulnerabilities as well.
[00:08:24] And then the last one being a higher emphasis on and willingness, I think, to use offensive cyber capabilities with less of Less thought put into the potential ramifications of those offensive measures.
[00:08:42] So if Biden were to secure reelection, I think his administration might continue to prioritize a lot of the advancements and proclamations and executive orders that have been issued under his, um, his current administration. So I think there will be continued emphasis on the importance of investing in cybersecurity resilience and defense capabilities.
[00:09:06] Not sure whether a reelection could necessarily lead to increased funding for cybersecurity initiatives. But there has been a lot of discussion of modernizing critical infrastructure, enhancing cyber defenses in both the private and public sector, as well as improving its incident response and information sharing capabilities.
[00:09:26] Blake: On the Biden side, it's been interesting to see the White House really try to crack down on cyber espionage, carried out by whether it's China's Ministry of State Security or, you know, other nation state cyber threats. I saw, I guess, recently, there were a series of indictments in March, Charging seven nationals of the People's Republic of China for conspiracy to commit computer intrusions, all related to, I think, APT31 activity, cited, I guess, approximately 14 years of targeting U. S. and all sorts of targets. What, what can you tell me about the effect? Are those name and shame kind of tactics effective when it comes to addressing state sponsored hacking activity? What do you make of the Biden administration's recent moves?
[00:10:08] Amy: Yeah. Um, I mean, just even to take a step back and think about the role of government conducting public attribution, is still a relatively new thing. I think, you know, we've seen, it start in the, 2010s,hen, you
[00:10:26] Blake: Ah, the old APT1 report, I remember that one.
[00:10:28] Amy: yeah, that's right. I think that the, and then the, the pace of that, you know, has great, has generally increased over time. And I think that now that we have a lot more data, uh, of the amount of indictments that have come through from different administrations, we have a little bit of more of a sense on like whether name and shame actually works. I think it works in the sense of, and I'll provide like a few points here.
[00:10:53] In the sense of how it can serve as a deterrent by signaling to adversaries that their actions will not go unpunished, could result in sort of diplomatic, economic, legal consequences. You know, some indictments come with, with sanctions on top of that. And hopefully, I think the, the administration, aims to use name and shame tactics to kind of dissuade future acts of, of cyber aggression.
[00:11:19] It also improves or increases public awareness of these campaigns, and it can, it can incentivize both governments and organizations to understand the, the breadth and depth of Nation state sponsored activity or other types of criminal activity so that they can take action and invest in cyber security measures.
[00:11:41] So hopefully, you know, they're, they're using these campaigns to also mobilize support for different cyber security initiatives and foster this culture of, of wanting to promote cyber resilience. , It can also provoke a, a range of action reactions from a cost imposition perspective as well. Individually, I think that could mean it could invite a level of notoriety on that project. Person that they may not desire to have, especially if they're working for, you know, aspire intelligence agencies. So any indictments and sanctions could also limit their financial opportunities at home or their freedom of movement.
[00:12:18] From an organization perspective, I think there's also an likely an operational security failure. Um, and leadership may have to answer to even higher ups about what went wrong and the fallout from that indictment or any other sanctions could provoke distrust. Within the state, um, could also potentially dissuade potential recruits from even joining those agencies. So there are some, some benefits to, to naming and shaming.
[00:12:44] Blake: Yeah, I suppose when you have your face plastered on an FBI wanted poster, it's, it's hard to go, it's hard to go vacation in the countryside of France after that. Um, not sure how many of these, uh, contractors and state sponsored cyber, cyber spies are planning that, but hey, like you said, you never know, right? I mean, it can definitely have that, uh, dissuading effect, and if you're, you know, a young computer whiz hoping to, you know, You know, take off in your career. Maybe it would give you some some pause. It's always been interesting to me. This Nexus of like some of the state sponsored activity we see isn't necessarily. All just, you know, people in government jobs behind their desks, but also kind of hack for hire contractors. Sometimes in the Russian cyber nexus, you can get these criminals involved. And there were these recent leaks from, from I-Soon, which I guess has some links to the Chinese military and government.
[00:13:31] But can you kind of catch listeners up to speed on what happened there and the significance of that?
[00:13:37] Amy: Sure. Yes. So you mentioned I-Soon, which is the name of a hacking for hire contractor. As you mentioned, also affiliated with the Chinese government, and military. Earlier this year, it suffered a huge leak of its internal documents, revealing, I think, over 500 files, on its operations, its victims, potential targeting, as well as its capabilities. The leak revealed the kind of ecosystem of government contractors who do conduct operations on behalf of the Chinese government. The marketing and proposal materials leaked also provided insight into what types of contracted services and products the state sought. So that was like surveillance and monitoring, targeted espionage, network penetration, data collection, and it may mean, because we don't know for sure, that the Chinese government uses contractors to focus on areas where in house talent may be lacking, or it could allow government agencies to focus on other priorities.
[00:14:42] Here, I also want to point out a direct example of the previous question you asked about naming and shaming. So, in this specific case, it had both a promoting and deterring effect. So, in 2020, when the FBI named Chengdu 404 in an indictment, it The iSoon co founders in their leaked chat logs imply that they were like drinking buddies with some of the indicted individuals. And I think the indictments were also used in marketing materials, um, you know, to be like, Hey, like we, you know, conduct operations that reach this, you know, level of scrutiny by foreign governments.
[00:15:20] Blake: As like a good thing? As like a, as like, oh, as like a good thing. Interesting.
[00:15:24] Amy: Yeah. Like, Oh, like look how badass we are.
[00:15:26] Blake: Right, right. Like you can put on, put on, put on your hacker hoodie and join us. Okay.
[00:15:30] Amy: Totally. But I think like, you know, for other people, they'll be like, um, no, thanks. That's not, that's not for me. Um, and so it might also, you know, similarly cause, uh, employees to leave the companies as well.
[00:15:45] Blake: I guess that is kind of a bragging point potentially of like, wow, I've got an FBI wanted poster, but it takes a very special kind of, uh,
[00:15:52] Amy: Oh, totally. Yeah.
[00:15:53] Blake: Kind of a hacker to be interested in that. Now I, I also, I really appreciated your nuanced perspective on some of these issues and some of your writing for the R Street Institute and analyses that you've, pointed out in, in this whole ecosystem that China's not some monolithic actor, which I feel like, you know, I'm based in, in Washington, DC, I know you were in DC policy circles for, for quite a while, that there's this tendency almost to view China as like just Vague, vaguely sketched out bogeyman almost, right?
[00:16:20] With like, oh, hackers, you know, to use that hoodie analogy of just like a bunch of hackers behind the screen that aren't real, you know, almost just conceptualized and, and, uh, not really personified at all. Um, I guess, what did you mean when you, when you pointed out that China's not a monolithic actor?
[00:16:36] Amy: Just exactly as what you were saying, like news, politician portrayals, now we have a dedicated special select committee on the Hill, looking at the CCP, um, all of these portrayals of the Chinese state kind of make it seem like China's is like impenetrable hacking machine that the Chinese and that the Chinese government is able to kind of like systematically find its way into our critical infrastructure, our end user devices, our most top, you know, top grossing, uh, companies and organizations as well.
[00:17:12] And I think that the Chinese government has been able to also use this portrayal to its advantage, you know, kind of burnishing its image as this world class hacking empire. At the end of the day, I think it's also important to remember that the people behind all these operations are also humans behind a screen and keyboard, and that the life of a cyber hacker may not all be just like glamour.
[00:17:34] They often do repetitive or menial work that has a lot of repercussions on morale and profitability. They have to report to bosses, those bosses have to report to someone, and then, you know, as the ice stone leaks, uh, and the chat logs had revealed, there's also a lot of office politics and, and morale issues and pay issues and things like that as well.
[00:17:56] And so I think it's important to remember to, to humanize the problem as well, and to understand that, you know, they are susceptible to the same organizational limitations and human nature driven imbalances and deficiencies that any other country and, and any other hacker organization has to face.
[00:18:20] Blake: That being said, and I think that those are all fantastic points, you know, there is, of course, still a lot of consternation and legitimate concern in U. S. policy circles about some of the, some of China's investment in areas like AI, quantum technology, which I think you mentioned earlier, and what it could mean for U. S. national security. So what's your take on that? Is there a gap on the U. S. side vis a vis what China has been able to invest in and accomplish in some of these cutting edge technology areas? Thanks.
[00:18:47] Amy: The Chinese Communist Party in particular, has the advantage of being a one party authoritarian, system, and as such, you know, when you don't have any sort of contest for power, per se, in the traditional, like, electoral sense, you are able to look at things with more longevity and be able to plan things out, in more detail.
[00:19:09] So, for example, they release five year plans every several years. Um, they have, um, long term, medium and long term strategies and goals. They issue, you know, the Made in China 2025 initiative. So, you know, they have the advantage of being able to plan for these things. And as such, they have been able to make significant investments.
[00:19:32] In emerging technologies, such as quantum computing, AI, 5G infrastructure, and then investments in these technologies then have the potential to confer significant advantages in areas such as, you know, defense, um, cybersecurity, surveillance, intelligence gathering, et cetera. Um, I think that. From the outside, looking at China's progress in these areas could lead people to think that there is some sort of technology, technological hegemony, but, you know, there, I think that there are some nuances to that as well
[00:20:06] There's concerns about whether there's going to be, um, a gap. Between China and the United States, but I think that it's hard to objectively quantify whether China is quote unquote out innovating the United States.
[00:20:20] I think from a pure output perspective, such as venture capital investment, or the number of patents files, analysts have highlighted that China is kind of nearing parity with the United States in that sense. Um, but I also see China's facing different hurdles in the realm of innovation, uh, than the United States. Primarily what I mean is that, you know, innovation and the people who want to innovate within China's borders are kind of guardrailed or limited by the political world in which, um, the schools that they attend, the businesses that they work at, and the government, uh, kind of operates, uh, which does have a limiting effect on the innovation potential of a country.
[00:21:04] Blake: And it's got to be hard. I mean, it's such an opaque space, Right? Everything, you know, from the operations of the Chinese Communist Party to to even things like, you know, You know, you mentioned patents, like, okay, so there's a, there's a greater number, I think, already of patents filed and, you know, successfully filed in China related to, um, quantum technology.
[00:21:23] What is that really saying? And, and, you know, when you, when you have a confined media space and not as much information, that's part of why I think the I-Soon leaks, I mean, that seemed pretty extraordinary to get those and kind of like see behind the curtain a little bit, so to speak. That has to be pretty rare.
[00:21:37] In talking about the, the, the threat posed by China, some of these technological advancements, I feel like one geopolitical potential event looms quite large, even though it hasn't happened, which is the possibility of a Chinese invasion of Taiwan. And, you know, I think there's an assumption that that would come with some Form of disruptive cyber components.
[00:21:57] I mean, we saw a little bit of that with the Russia Ukraine war and this, you know, characterization of a hybrid war, but how should organizations globally be thinking about this? And I mean, I've, I've seen people prognosticate that it's going to happen in the next five years. And that's like, okay, well, if, if you take that as true, then what are you going to do?
[00:22:13] Amy: and it's so interesting to see even just how, how much Taiwan has entered into the mainstream political dialogue. I would say, if you asked people where Taiwan was located five years ago, people would be like, what? Thailand, like Southeast Asia. One thing that I am wary of is kind of like speaking a conflict into existence.
[00:22:40] I think that we talk about the prospect of conflict. Almost as an inevitability, but I think that, you know, at the end of the day, neither China nor the United States and especially not Taiwan want conflict to occur. But okay, so let's let's, but then, you know, that aside, let's think about it from a hypothetical perspective in terms of.
[00:23:01] You know, how, how to think about maybe potential spillover effects of conflict, um, especially if they start out with, with cyber activity could spill into the different, um, other domains. I think, um, for example, if you used, uh, a cyber operation to target critical infrastructure that may be to supply the electricity to a military base in Taiwan, Um, it may also just so happen that, that, that, um, you know, that power plant also provides power or connectivity to a hospital.
[00:23:35] And then you start endangering, uh, lives and potentially risk civilian harm or even death. So, um, you know, when, when people think of, um, cyber attack, they think of it to To be isolated in, to be isolated in, in the cyberspace, but I think that there are also a lot of real world ramifications of cyber attacks, um, that could have a lot of detrimental effects on, um, Civilian life, uh, the economy, um, our infrastructure, especially in the case of Taiwan, our supply chains as well.
[00:24:14] So, I think in, in, when thinking about what organizations should consider, they should, Conduct scenario planning and risk assessments to kind of evaluate the potential impact of a geopolitical geopolitical event, such as the Taiwan invasion on their operations, supply chains, or even their cyber security posture.
[00:24:35] They could impose additional cyber security measures to defend against potential cyber threats, especially if they have an understanding of how Chinese actors would infiltrate or attack an organization. Diversify and improve resilience of their supply chains, their business operations, as well as like, um, diversifying their digital infrastructure to kind of mitigate the impact of a potential disruption.
[00:25:03] Blake: Definitely some sobering points there on the cyber physical nexus and the risks there. Stepping back a bit though, I will say I think you overestimate, especially Americans geographic capabilities. I don't know if they could place, I don't know if they could place, you know, New Jersey on a map, let alone Taiwan, but point taken that it is definitely entering the
[00:25:21] Amy: Totally. Yeah,
[00:25:22] Blake: a lot, a lot more.
[00:25:23] And obviously I also really appreciated your point on not speaking conflict into existence. I think that is something that, especially in DC policy circles, can just be such a tempting thing, talking about the inevitability that Russia is going to plow ahead into other, you know, test NATO to the fullest extent possible, test, test the limits, that China is going to invade Taiwan, that, you know, all these things are going to happen almost as an inevitability.
[00:25:45] It's a big difference between planning for a possible outcome just out of an abundance of caution and treating it as if it's a done deal. I agree. I think that's a little bit. of a pessimistic, almost, you know, fatalistic worldview that, , maybe we could stand to have a little less of. And speaking of, speaking of pessimism, uh, AI, no,
[00:26:05] Amy: we're back.
[00:26:07] Blake: adversarial machine learning threats, that is a pretty, uh, terrifying prospect. Now you, you did recently co author a policy paper on some of these threats alongside, R Street Research Assistant Fatima. What, what were some takeaways from that?
[00:26:22] Amy: This was a great piece. And I have to give a shout out to Mumtaz, um, for, you know, being the brains behind this article. She did such a wonderful job. So basically what we wanted to do was to be able to explain in very plain and simple terms, what adversarial machine learning is for policy. Like, To, for, for policymakers to understand and, the article kind of went in depth into a few types of adversarial machine learning attempt attacks, which are, you know, any sort of attacks, on machine learning models to kind of undermine the integrity and performance of those models.
[00:27:00] We went into things like query based attacks, data poisoning attacks. , I would say reading it, you can have a diagram of how those attacks would occur. But we also discussed the kind of the real world impact of adversarial ML attacks, which could include data breaches or data leaks.
[00:27:20] Inaccurate medical diagnoses or potential even manipulation of financial markets. Like, as you said, Blake, very scary stuff, but we also go in and talk about how you can protect against those, those types of attacks too, such as incorporating this concept called secure by design principles, which is basically bake security into the design of a specific product.
[00:27:43] All the way until like, you know, utilizing security frameworks, such as the AI risk management framework, or even, you know, ways that we could support new entrants, that can challenge the, the, the AI giants and make sure that, you know, all standards are, are kept high and, and that, that any sort of risks are, are kind of taken into consideration.
[00:28:06] Blake: Well, I do think there's a huge appetite on the Hill and beyond for these kinds of analyses and you know, the expertise, obviously, that R Street can bring to bear. And, you know, you've worked in Congress before on the House Foreign Affairs Committee. You've served as an intelligence officer in the U. S. Navy Reserve. And, you know, beyond that, you have a ton of experience in these circles. I'd be curious, how have the perceptions of cyber security as That's a NATSEC risk evolved in say the last 10 years.
[00:28:36] Amy: Ooh, there are so many changes. I think cyber has migrated from a peripheral concern to now a central priority for governments and organizations worldwide. I don't think there were very many CISOs. And then, bad things started happening to companies from a cyber perspective and then like, Oh, now, Every organization kind of has a, a CISO or a, which is a Chief Information Security officer or a Chief Information Officer.
[00:29:05] At the time when I started studying cybersecurity, I think I recall it mostly being discussed in the context of hybrid warfare or network centric warfare. Not many years later, cyber became its own domain. It had its own funding. It had, you know, a cyber force on the United States, side, you know, be, be, be established.
[00:29:25] But in terms of like, uh, perceptions of cyber as a national security risk, I think that more people do understand cyber security now, but I think just as many folks still don't understand it, like, they know that it's important, but they don't know really how to protect themselves. They don't know what measures need to be in place. They don't necessarily know how to wrap their heads around, like, how that, how cyber security is important. And lack of cybersecurity could impact them and their organizations.
[00:29:55] Blake: Clearly they need to follow the R Street Institute and listen to the We're In podcast and then they'd actually maybe know a
[00:30:00] Amy: Absolutely.
[00:30:01] Blake: right? Not to, well, thank you so much for sharing so many, uh, really fascinating insights into it. We covered a lot of ground today, uh, from China to cyber physical threats to AI. And, you know, there's one question we like to ask all of our podcast guests, which is what's something that we wouldn't know about you, Amy, from looking at your LinkedIn profile?
[00:30:22] Amy: I am a nationally competitive and ranked power lifter. And so power lifting is, is focused on three lifts, the squat, the bench press, and the deadlift. And, um, so at this point I can, squat over 375 pounds, bench over 220 pounds, and deadlift over 400 pounds, and, I'm 5'4 so I'm, I'm kind of small.
[00:30:50] Blake: That's, uh, incredibly impressive. Not that anybody's keeping track, but listeners at my local Orange Theory, I squat with 65 pounds, uh, as my, and I am six and I am six two. And, uh, so,
[00:31:03] Amy: 6'2 Wow.
[00:31:07] Blake: So that is very impressive. And, uh, that is, uh, something that I did not know about you from looking at your LinkedIn. So thanks for sharing that and, uh, and keep it up. That's amazing.
[00:31:16] Amy: Thank you.