Like many of my colleagues, I'm currently rushing around getting things ready for CyberUK 2017, to make sure that everyone at the event will find it useful, enjoyable and (we hope) thought-provoking.
If you're coming to CyberUK 2017 - and if you haven't booked yet and you're in the Strategy and Industry sectors, there's still time - one of the first things you'll see there is me, up on the main stage. I'm going to be talking about my team's latest-and-most-exciting piece of work, which is called 'People: The Strongest Link'.
We're all familiar with the idea of people - particularly end users - being the weakest link in security. While I can see where the notion comes from, I think it's unfair and unhelpful. I argue that treating people this way actually undermines good security. During my plenary speech I'll be talking about why:
- we must treat security as a complex sociotechnical system, in which people are a crucial component
- users can actually be the strongest link in security, but only if we let them, because...
- ...security needs to work for people, or it doesn't work at all
We'll be following this up throughout the conference with a whole track of content devoted to People: The Strongest Link. We'll be exploring how we arrived at these ideas, how we see them working in practice, and the key challenges we need to address. We'll be hearing from a wide range of technical experts and specialists from across the NCSC - plus our partners in academia and industry - to ensure we explore all the knottiest questions, from a variety of different angles.
If this interests you (or even if you think we're disastrously misguided and you want to shoot the ideas down in flames), I hope you'll be able to make it to Liverpool between the 14th and 16th of March. If you can't make it, have a read through some of our past blog posts to see what we've said so far - and keep watching our website this year to see more on People: The Strongest Link as we publish it.
I hope to see you at CyberUK 2017 - it's going to be a great event, and an exciting year in people-centred security!
People-Centred Security Lead, Sociotechnical Security Group, NCSC