5: How we can imagine different futures for cybersecurity using design thinking, how it helps us to build bridges with the business and why we should work more closely with academics with Professor Lizzie Coles Kemp

– We are excited to hear that Apple has increased their bug bounty for security researchers to $1M

– We also look at the role research plays in our industry including

o The start of our industry in 1971

o Who is doing research today

– It’s great that we have an academic on the show today to talk to us about their research and how the cyber security community can get more engaged with academia

Professor Lizzie Coles Kemp is a qualitative researcher who uses creative engagement methods to explore everyday practices of information production, protection, circulation, curation and consumption within and between communities. She took up a full-time academic post in 2008 and prior to joining Royal Holloway University of London she worked for 18 years as an information security practitioner. Lizzie’s focus is the intersection between perceptions and narratives of individual and community security and technological security. Her research specialises in public and community service design and consumption. Lizzie is currently an EPSRC research fellow with a research programme in everyday security and digital service design.

– How Lizzie landed in Information Security in 1990 because she spoke Swedish and why she enjoys security

– Why cybersecurity professionals are diverse and why it is important

– How design thinking tools can be use in cybersecurity including storytelling, using different mediums – story boarding, lego, and forms of physical modelling to represent security to think through all the things that contribute to a secure interaction etc

– The importance of bringing together different thinking and ways of solving the problem

– Why we need to ask the question from different angles and ask the fundamental questions – why does it work (as well as what doesn’t work)

– How do we actually use design thinking? Lizzie walks through an example on where engagement on security awareness training is low and how you could use design thinking to understand the everyday of those not engaging with the training. It allows us to take a step back.

– An overview of the ‘You Shape Security’ program Lizzie had worked on with the NCSC

– The need to work with and not work against and understand the benefit as well as the benefit gaps you need to resolve of a security measure (technology, policy, service).

– How you can scale capacity of these kind of engagements as they are low fidelity

– Why this sort of thinking is a great bridge to other parts of the organisation

o Research has show security practitioners spend a lot of time interacting and communicating but the framing/language is alien to those outside of security

o Design tools are a useful bridge into the other world as they don’t use specialist language and why HR, Product Designers, CEOs, the board like these engagements as they help them to understand what is going on, on the front lines

o They help to highlight the creativity and the positive (as well as the negative and the blockages). Security can be both negative AND positive

– Lizzie touches briefly on her work in Sweden on the digitisation programs – how digitisation changes how decisions are made, where the processes happen and frees up spaces, so that we can have other interactions (there) so that we can start to work with people to understand better their information flows and the benefits they get.

– Lizzie works us through how we can better engage with academia – to imagine different futures through design café, sprints and workshops in spaces that help us to build a more creative toolkit to think about different types of security challenges and the only way we can do this is by working together.

o Lizzie would love to work together more not in solution mode but in imagining different futures

o Lizzie talks about the great example of the security practice conference and how the teams from different areas came up with different ideas on how to go forward. These are the sort of activities that will spark new and interesting academia and security practice collaborations

– Lizzie will be in Australia in September for 3 weeks and loves our open nature and willingness to embrace new ideas

– Why Lizzie thinks Australia has such a fantastic capability around civil resilience around bush fires, food security and environmental and how Lizzie thinks Australia could lead the world in resilience thinking

– Our key takeaways from the chat including

o The potential of Australia when it comes to cyber resilience

o The need to identify (and work on) those benefit gaps when it comes to people’s view on a security control, policy or service

o The way we can use design thinking to help us solve problems in cyber security

How to follow Lizzie:

Email: Lizzie.Coles-Kemp@rhul.ac.uk

Guest: Professor Lizzie Coles Kemp

Hosts: Beverley Roche and Louisa Vogelenzang

Producer/Editor: Louisa Vogelenzang

Sound Producer: Darcy Milne (Propodcastproduction.com)

Where cybersecurity began – with a research project! https://www.cybersecurity-insiders.com/a-brief-history-of-cybersecurity/

The cybersecurity Cooporative research centre in Australia https://www.cybersecuritycrc.org.au

10 signs that you aren’t suited to a career in cyber security https://www.techrepublic.com/article/10-signs-you-arent-cut-out-to-be-a-cybersecurity-specialist/

NCSC ‘origins’ research into cybersecurity background that Lizzie mentioned https://www.ncsc.gov.uk/blog-post/origin-stories

Professor Lizzie Coles Kemp’s YouTube on ‘Digital security for all’ https://www.youtube.com/watch?v=tL-K0yM4PLA

NCSC ‘You Shape Security’ booklets that Lizzie mentioned https://www.ncsc.gov.uk/collection/you-shape-security

Digitizing Sweden (also mentioned by Lizzie:

Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café

Email us:

Visit our website: https://www.cybersecuritycafe.com.au

Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.

We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.