incredibly important for innovation. We need people with different backgrounds, interests and perspectives to be involved in our world and help pull together a new narrative that is more fitting for current security challenges. We need people who are interested in social solutions: in looking at ways that people can be made to feel safe and secure, in building human resilience, in working with people to see how security can help them do their jobs rather than get in the way. There are glimpses that this new thinking is happening already. The Security Influence and Trust group adopted the theme ‘Ask Out Loud’ for Safer Internet Day 2017 (#AskOutLoud). Rather than technology, they adopted a social solution, promoting the idea of asking someone else if you’re not sure about an email or other message. Recent (ISC)2 research also notes that women in management positions in information security have a wide variety of educational backgrounds as contrasted with men who ‘overwhelmingly have engineering or computer science backgrounds.’ The research states ‘their wider variety of backgrounds reflects the different skillsets that women bring to their roles, and highlights the values of their interdisciplinary skills.’
We need to work out what matters I’ve been working in cyber security for over 15 years but I often feel I’m not really accepted by many of my more technically credentialed colleagues. I firmly believe that it’s time for cyber security to mature and add a new ‘social’
dimension. I believe that women and others from a broad range of backgrounds, can help re-formulate some of the fundamental principles of cyber security, so we can answer in a meaningful way some of the big questions such as ‘What is it that information security enables organisations and people to do?’;’What are the values we hold dear that information security supports?’; ‘What freedoms can we create through cyber security?.’ Without this new thinking, we will continue to rely on the language of war, the fables of the strong attacker and the weak user. We will use outdated practices based on technical controls directed at asset protection; praying for a cyber event so catastrophic that it will make cyber security professionals important and relevant, while heading towards oblivion. Bring in women and social scientists, creative designers, psychologists, philosophers, organisational and learning specialists and educators. Let us have a broad, inclusive, innovative conversation and see if we can agree on how information security can help us achieve what matters. If we do that, I am sure more women will see cyber security as something with which they want to be involved. From the Author With many thanks to my friend and colleague Dr Lizzie Coles-Kemp and the many conversations we've had over the last few years about negative and positive security, information security practice, the importance of diversity, the human experience and the future.
ISSUE #2
DUE OUT IN JULY Want your brand here? Get in touch today! Discount applies to AISA Sponsors. T | +61 8 6465 4732 promoteme@australiancybersecuritymagazine.com.au 30 | Australian Cyber Security Magazine