Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) at Johns Hopkins University’s Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to bring together a diverse set of political scientists, law professors, philosophers, AI researchers and other industry practitioners, political activists, and creative types (including science fiction writers) to discuss how democracy might be reimagined in the current century.

The goal of the workshop is to think very broadly. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology. If democracy were to be invented today, it would look very different. Elections would look different. The balance between representation and direct democracy would look different. Adjudication and enforcement would look different. Everything would look different, because our conceptions of fairness, justice, equality, and rights are different, and we have much more powerful technology to bring to bear on the problems. Also, we could start from scratch without having to worry about evolving our current democracy into this imagined future system.

We can’t do that, of course, but it’s still valuable to speculate. Of course we need to figure out how to reform our current systems, but we shouldn’t limit our thinking to incremental steps. We also need to think about discontinuous changes. I wrote about the philosophy more in this essay about IWORD 2022.

IWORD 2024 was easily the most intellectually stimulating two days of my year. It’s also intellectually exhausting; the speed and intensity of ideas is almost too much. I wrote about the format in my blog post on IWORD 2023.

Summaries of all the IWORD 2024 talks are in the first set of comments below. And here are links to the previous IWORDs:

IWORD 2025 will be held either in New York or New Haven; still to be determined.

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly.

SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geographers, neuroscientists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

Our goal is always to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to six to eight minutes, with the rest of the time for open discussion. Short talks limit presenters’ ability to get into the boring details of their work, and the interdisciplinary audience discourages jargon.

Since the beginning, this workshop has been the most intellectually stimulating two days of my professional year. It influences my thinking in different and sometimes surprising ways—and has resulted in some new friendships and unexpected collaborations. This is why some of us have been coming back every year for over a decade.

This year’s schedule is here. This page lists the participants and includes links to some of their work. Kami Vaniea liveblogged both days.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, eleventh, twelfth, thirteenth, fourteenth, fifteenth and sixteenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio/video recordings of the sessions. Ross maintained a good webpage of psychology and security resources—it’s still up for now.

Next year we will be in Cambridge, UK, hosted by Frank Stajano.

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023) at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century.

My thinking is very broad here. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology. Were democracy to be invented from scratch today, with today’s technologies, it would look very different. Representation would look different. Adjudication would look different. Resource allocation and reallocation would look different. Everything would look different, because we would have much more powerful technology to build on and no legacy systems to worry about.

Such speculation is not realistic, of course, but it’s still valuable. Everyone seems to be talking about ways to reform our existing systems. That’s critically important, but it’s also myopic. It represents a hill-climbing strategy of continuous improvements. We also need to think about discontinuous changes that you can’t easily get to from here; otherwise, we’ll be forever stuck at local maxima.

I wrote about the philosophy more in this essay about IWORD 2022. IWORD 2023 was equally fantastic, easily the most intellectually stimulating two days of my year. The event is like that; the format results in a firehose of interesting.

Summaries of all the talks are in the first set of comments below. (You can read a similar summary of IWORD 2022 here.) Thank you to the Ash Center and the Belfer Center at Harvard Kennedy School, and the Knight Foundation, for the funding to make this possible.

Next year, I hope to take the workshop out of Harvard and somewhere else. I would like it to live on for as long as it is valuable.

Now, I really want to explain the format in detail, because it works so well.

I used a workshop format I and others invented for another interdisciplinary workshop: Security and Human Behavior, or SHB. It’s a two-day event. Each day has four ninety-minute panels. Each panel has six speakers, each of whom presents for ten minutes. Then there are thirty minutes of questions and comments from the audience. Breaks and meals round out the day.

The workshop is limited to forty-eight attendees, which means that everyone is on a panel. This is important: every attendee is a speaker. And attendees commit to being there for the whole workshop; no giving your talk and then leaving. This makes for a very collaborative environment. The short presentations mean that no one can get too deep into details or jargon. This is important for an interdisciplinary event. Everyone is interesting for ten minutes.

The final piece of the workshop is the social events. We have a night-before opening reception, a conference dinner after the first day, and a final closing reception after the second day. Good food is essential.

Honestly, it’s great but it’s also exhausting. Everybody is interesting for ten minutes. There’s no down time to zone out or check email. And even though a shorter event would be easier to deal with, the numbers all fit together in a way that’s hard to change. A one-day event means only twenty-four attendees/speakers, and that’s not a critical mass. More people per panel doesn’t work. Not everyone speaking creates a speaker/audience hierarchy, which I want to avoid. And a three-day, slower-paced event is too long. I’ve thought about it long and hard; the format I’m using is optimal.

Brad Freeman, Director of Technology at SenseOn, introduced himself as a security professional with both practical and leadership experience. In his talk, he outlined the importance of getting the SOC basics right from the perspective of people and processes.

Brad began by discussing how, in many cases, analysts want to deal with serious security investigations: compromises, incidents, things generally going wrong. This is something that they can get on a regular basis at a large organisation. However, this is less obviously achievable at a mid-market organisation.

A solution here is to ensure that the technology deployed at a mid-market company empowers its analysts by giving them interesting security investigations to undertake, which keeps them curious and engaged. Curious analysts will develop into more senior analysts.

Another key element in empowering your SOC team is to raise their internal profile: ensure that the security operations centre looks like just that, an operations centre and not just a portion of the office. Then, invite people to come on tours of the SOC, so that the entire company knows what is happening there and how important it is.

Another common trap that Freeman outlined is the total outsourcing of SOC activity to a third party: nobody knows your company like someone in your company.

He hypothesised that the best SOCs deploy a hybrid model, to ensure that internal business processes or activities (such as a potential M&A activity) are accounted for in terms of understanding network traffic within context.

Freeman also suggested a key problem is a lack of direction or strategy from leadership: “Make the SOC work” is the only objective many CISOs will provide. This is not an adequate replacement for a security strategy. Other problems outlined included vanity metrics, poor detection processes, and technology decisions being driven by purchasing decisions instead of a strategy.

Brad’s parting advice for making a SOC work for you was as follows:  

  • Develop people  
  • Show value  
  • Use process  
  • Make tech decisions which solve your problem, not tick a box!  


The post Cybersecurity Awareness Month: DTX Recap with SenseOn on “Why SOCS Fail” appeared first on IT Security Guru.

To celebrate and connect cybersecurity’s remarkable women and their allies, Nineteen Group, organisers of International Cyber Expo, has launched ‘Grab the Mic: Women in Cyber’. The brand-new event, held within the wider exhibition, is produced and hosted by Eleanor Dallaway, founder of Assured Intelligence and former editor of Infosecurity Magazine.

Kicking off the event will be a keynote entitled ‘It Takes Two to Tango (If You Want to Tango Exceptionally Well)’ delivered by a female-male duo, a novel approach at a diversity event. The keynote will serve to reinforce the reality that we are stronger together, especially when on equal terms. This will then be followed by a panel discussion on ‘How to Land The Job of Your Dreams’, moderated by Eleanor.

Despite the longstanding cybersecurity skills gap, many still struggle to land their perfect job in the sector. The panel discussion will investigate this disconnect and invite individuals from various backgrounds to offer their perspectives. This includes a cybersecurity recruiter, a hiring manager, a senior industry professional that has made it to the Boardroom, and a newcomer to the sector. Audience members will also have a chance to ask the panellists their burning questions and seek advice on landing the job of their dreams.

“I am over the moon to have the opportunity to bring another women in cyber event to the sector, this time with International Cyber Expo as its home. I am as passionate today as I’ve ever been about improving inclusion in our industry, and nothing motivates me more than a room full of people who share that mission,” said Eleanor. 

“I’ve designed this event with the attendee at the heart and soul of it. I’ve spoken to people who have expressed a desire for greater opportunity to network at these events, so we’ve made that a core focus. We’ve built in enough time to schmooze, make friends and seek new job opportunities (for those looking). I’ve also been told that attendees want a guarantee that they’ll be granted access. So, I’ve worked with Rachael at Nineteen Group to ensure we have an event space big enough to welcome every single person who registers – without fail.”

“We’ve been listening to what the cybersecurity community wants, and many of the women in the sector want the chance to be heard. This is why we’re delivering an inspiring and educational networking event for women and their allies in the industry,” said Rachael Shattock, Group Event Director at Nineteen Group.

“We are so pleased to have Eleanor Dallaway on board to help us bring this new event to life at International Cyber Expo 2023. With almost two decades of experience as a tech journalist, and having founded Women in Cybersecurity networking events in her time as editor of Infosecurity Magazine, she brings a wealth of insight and contacts that will no doubt make this event a huge success. Not to mention, she is a formidable industry role model in her own right.”

The event will be held on the Gallery Level at London Olympia on Tuesday, the 26th of September from 14:00 – 16:30 BST. Attendees can register via the following link for guaranteed entry: https://www.internationalcyberexpo.com/grab-mic-form

The event agenda continues to be developed. For the latest updates, visit: https://www.internationalcyberexpo.com/grab-mic-women-cyber

To register for FREE as a visitor: https://ice-2023.reg.buzz/it-security-guru

The post International Cyber Expo Launches ‘Grab the Mic: Women in Cyber’ Event appeared first on IT Security Guru.

International Cyber Expo has announced its programme for the annual Global Cyber Summit, sponsored by Sonatype, OpenText, and Infoblox, and hosted at Olympia London on the 26th and 27th of September 2023. The summit returns with greater international appeal. Among other topics of discussion, guest speakers will provide the Ukrainian perspective on cyber security, in light of recent geopolitical events.

With opening remarks by Professor Ciaran Martin CB, Chair of International Cyber Expo’s Advisory Council, the Global Cyber Summit assembles some of the industry’s greatest minds to review ongoing cyber threats, priorities and challenges. Uniquely, the programme this year invites advisors closely associated with Ukrainian government agencies to present their invaluable insight into the reality and impact of Russian cyber-attacks on the country and beyond. 

Special guest speakers include Oksana Kharchenko, a member of YouControl – a Ukrainian team of developers creating services for business analysis – who will delve into the challenges of managing sanctions risk in the current geopolitical setting. Andrew Hural, Director, MDR of UnderDefense – a prominent cyber security company offering pro bono services to Ukrainian government entities – will also reflect on the last 500 days of Russian cyber operations, determining the successes and failures of their espionage. 

Other globally pertinent subject matters will be discussed by world-renowned experts as well. 

Below are a few agenda highlights: 

  • Nicola Whiting MBE, co-owner of Titania Group, will reveal why diversity and inclusion efforts might be stalling, and provide a new framework.
  • Theresa Deumchen, Tech Policy Associate at Global Counsel, examines the regulatory landscape concerning generative AI.
  • Alexsander Gorkowienko, SecurityLabs Senior Managing Consultant at Spirent Communications, will explain how EU security regulations, such as the NIS 2 Directive, might affect businesses across the region.
  • Jake Moore, Global Cyber Security Advisor at ESET, sheds light on his attempt to manipulate recruitment staff, land a job inside a company and gain full access to their data. 
  • Stewart Bertram, Head of Cyber Threat Intelligence at Elemendar, utilises a mix of case studies and theories to expose the crossover between misinformation and cyber threat operations.
  • Rashik Parmar, Group CEO of BCS, The Chartered Institute for IT, and Dr Saritha Arunkumar, IBM Public Cloud Worldwide Technical Leader – Security, sit together on a panel to address the question: What does the rise of AI and quantum computing mean for the future of cyber security?
  • Charlotte Hooper, Helpline Manager at The Cyber Helpline, highlights the impact of cybercrime on individuals and what can be done to support them.

Attendees of the Global Cyber Summit can also take advantage of scheduled talks at the co-located International Security Expo. In fact, Joel Aleburu at Microsoft will be speaking here about the role of cyber espionage in terrorist activities on the first day of the event, while Joe Wrieden, Intelligence Analyst at Cyjax, will assess the key role of Advanced Persistent Threats (APTs) in serious and organised crime on the second day.

“It has been an absolute delight and honour to curate International Cyber Expo’s Global Cyber Summit agenda, once again. We received a substantial influx of speaker submissions, far surpassing that of last year, which only goes to prove the event’s success since its inaugural launch last year,” said Philip Ingram MBE, former senior British Military Intelligence Officer and Content Lead for International Cyber Expo. “We have a phenomenal schedule of speakers, tackling a number of timely topics from AI and quantum computing to the Ukrainian experience amid its Russian invasion. Equally important, and what makes the Summit one-of-a-kind, is the opportunity for audiences to explore the overlapping nature of these issues in the cyber and physical worlds, considering International Security Expo is just down the hall.”

All sessions are CPD Certified. 

While it continues to be refined, you can find the latest Global Cyber Summit programme and details about speakers, here: https://www.internationalcyberexpo.com/international-security-conference 

To register for FREE as a visitor: https://ice-2023.reg.buzz/eskenzi

The post Programme for International Cyber Expo’s Global Cyber Summit 2023 Announced appeared first on IT Security Guru.

I’m just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh.

SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geographers, neuroscientists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

Our goal is always to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to six to eight minutes, with the rest of the time for open discussion. Short talks limit presenters’ ability to get into the boring details of their work, and the interdisciplinary audience discourages jargon.

For the past decade and a half, this workshop has been the most intellectually stimulating two days of my professional year. It influences my thinking in different and sometimes surprising ways, and has resulted in some unexpected collaborations.

And that’s what’s valuable. One of the most important outcomes of the event is new collaborations. Over the years, we have seen new interdisciplinary research between people who met at the workshop, and ideas and methodologies move from one field into another based on connections made at the workshop. This is why some of us have been coming back every year for over a decade.

This year’s schedule is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is live blogging the talks. We are back 100% in person after two years of fully remote and one year of hybrid.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, eleventh, twelfth, thirteenth, fourteenth, and fifteenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio/video recordings of the sessions. Ross also maintains a good webpage of psychology and security resources.

It’s actually hard to believe that the workshop has been going on for this long, and that it’s still vibrant. We rotate between organizers, so next year is my turn in Cambridge (the Massachusetts one).

Last week, I hosted a two-day workshop on reimagining democracy.

The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a “what we need to do today” perspective and more from a blue-sky future perspective. My remit to the participants was this:

The idea is to start from scratch, to pretend we’re forming a new country and don’t have any precedent to deal with. And that we don’t have any unique interests to perturb our thinking. The modern representative democracy was the best form of government mid-eighteenth century politicians technology could invent. The twenty-first century is a very different place technically, scientifically, and philosophically. What could democracy look like if it were reinvented today? Would it even be democracy—what comes after democracy?

Some questions to think about:

  • Representative democracies were built under the assumption that travel and communications were difficult. Does it still make sense to organize our representative units by geography? Or to send representatives far away to create laws in our name? Is there a better way for people to choose collective representatives?
  • Indeed, the very idea of representative government is due to technological limitations. If an AI system could find the optimal solution for balancing every voter’s preferences, would it still make sense to have representatives—or should we vote for ideas and goals instead?
  • With today’s technology, we can vote anywhere and any time. How should we organize the temporal pattern of voting—and of other forms of participation?
  • Starting from scratch, what is today’s ideal government structure? Does it make sense to have a singular leader “in charge” of everything? How should we constrain power—is there something better than the legislative/judicial/executive set of checks and balances?
  • The size of contemporary political units ranges from a few people in a room to vast nation-states and alliances. Within one country, what might the smaller units be—and how do they relate to one another?
  • Who has a voice in the government? What does “citizen” mean? What about children? Animals? Future people (and animals)? Corporations? The land?
  • And much more: What about the justice system? Is the twelfth-century jury form still relevant? How do we define fairness? Limit financial and military power? Keep our system robust to psychological manipulation?

My perspective, of course, is security. I want to create a system that is resilient against hacking: one that can evolve as both technologies and threats evolve.

The format was one that I have used before. Forty-eight people meet over two days. There are four ninety-minute panels per day, with six people on each. Everyone speaks for ten minutes, and the rest of the time is devoted to questions and comments. Ten minutes means that no one gets bogged down in jargon or details. Long breaks between sessions and evening dinners allow people to talk more informally. The result is a very dense, idea-rich environment that I find extremely valuable.

It was an amazing event. Everyone participated. Everyone was interesting. (Details of the event—emerging themes, notes from the speakers—are in the comments.) It’s a week later and I am still buzzing with ideas. I hope this is only the first of an ongoing series of similar workshops.

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, it’s nice to be back together in person.

SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, Alice Hutchings, and myself. The forty or so attendees include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philosophers, anthropologists, geographers, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

For the past decade and a half, this workshop has been the most intellectually stimulating two days of my professional year. It influences my thinking in different and sometimes surprising ways—and has resulted in some unexpected collaborations.

Our goal is always to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to six to eight minutes, with the rest of the time for open discussion. Because not everyone was able to attend in person, our panels all include remote participants as well. The hybrid structure is working well, even though our remote participants aren’t around for the social program.

This year’s schedule is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, eleventh, twelfth, thirteenth, and fourteenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio/video recordings of the various workshops. Ross also maintains a good webpage of psychology and security resources.