Blog post

CyberUK 2017: People - The Strongest Link

Created:  27 Feb 2017
Updated:  27 Feb 2017
Author:  Emma W
Lightning talks at CyberUK

Like many of my colleagues, I'm currently rushing around getting things ready for CyberUK 2017, to make sure that everyone at the event will find it useful, enjoyable and (we hope) thought-provoking.

If you're coming to CyberUK 2017 - and if you haven't booked yet and you're in the Strategy and Industry sectors, there's still time - one of the first things you'll see there is me, up on the main stage. I'm going to be talking about my team's latest-and-most-exciting piece of work, which is called 'People: The Strongest Link'.

We're all familiar with the idea of people - particularly end users - being the weakest link in security. While I can see where the notion comes from, I think it's unfair and unhelpful. I argue that treating people this way actually undermines good security. During my plenary speech I'll be talking about why:

  • we must treat security as a complex sociotechnical system, in which people are a crucial component
  • users can actually be the strongest link in security, but only if we let them, because...
  • needs to work for people, or it doesn't work at all

We'll be following this up throughout the conference with a whole track of content devoted to People: The Strongest Link. We'll be exploring how we arrived at these ideas, how we see them working in practice, and the key challenges we need to address. We'll be hearing from a wide range of technical experts and specialists from across the NCSC - plus our partners in academia and industry - to ensure we explore all the knottiest questions, from a variety of different angles.

If this interests you (or even if you think we're disastrously misguided and you want to shoot the ideas down in flames), I hope you'll be able to make it to Liverpool between the 14th and 16th of March. If you can't make it, have a read through some of our past blog posts to see what we've said so far - and keep watching our website this year to see more on People: The Strongest Link as we publish it.

I hope to see you at CyberUK 2017 - it's going to be a great event, and an exciting year in people-centred security!


Emma W

People-Centred Security Lead, Sociotechnical Security Group, NCSC


Karl Almond - 28 Feb 2017
Hi Emma, which day will you be presenting this?
Emma W - 01 Mar 2017
Hi Karl. Thank you for your comment. I will be speaking on the Wednesday morning but you can find the full agenda and further information for CYBERUK here:
Elaine Down - 10 Mar 2017
Hi Emma, really please to hear about People being the strongest link. I will miss the conference unfortunately but keen to expand my own research into the people skills needed to meet the UK's National Cyber Security Strategy. Can you help?
Many thanks
Emma W - 27 Mar 2017
Hi Elaine. Many thanks for your comment, and I’m interested to learn more about your research about people skills in cyber security. If you'd like to discuss further feel free to contact our Enquiries team and ask them to pass your email along. We need to rebalance the skills we commonly see in those who work in cyber security. We have plenty of focus on tech, and we’ll always need that. We know about the importance of process, policy, guidance and standards – and that’s much-needed too. The bit that is, we feel, sometimes under-valued is the spectrum of ‘softer’ skills: effective communication, influencing, persuasion, collaboration, teamworking, business change to name but a few. Many security practitioners are, of course adepts at many of these skills – but we don’t always realise it, or value these skills as highly as we should. One important piece of work in this field, which we sponsored and produced in collaboration with Cranfield University and are now taking further forward within CREST, is , which you might find of interest. My team will continue to blog regularly so keep your eye open for more here from us.
Elaine Down - 08 Jun 2017
Hi Emma, I would very much like to continue this conversation. I have responded as requested a few times but have not heard anything yet. Can you obtain the email linked to this comment? Thanks
NCSC Communications Team - 21 Aug 2018
This blog is now closed to comments.

Was this blog post helpful?

We need your feedback to improve this content.

Yes No