This presentation describes the problems of communicating with others about cybersecurity, whether as an information receiver or provider, and offers insights into how those problems may be overcome through structured communication, the use of positive and negative space, and the setting of perspective and context through lensing.
3. While developing this presentation, I realized I needed to clearly explain “Cybersecurity” a bit before we could learn to talk about it.
So, I started looking up “Cyber” in Google images.
A picture is worth 1000 words, right?
So, “Cybersecurity”…what is it?
3/6/2015 3
11. What do you think “Cybersecurity” is?
12. Why does this noise matter?
At some point, “Cybersecurity” will make its way into your life and, when it does, you will likely have to talk about it - to each other, to people you will never know, and to people who you might not know you’re communicating with.
…And the present confusion creates skeletons and land mines…
For Everyone.
13. Skeletons and Landmines??
Cybersecurity is also a new discipline
– It’s not even a discipline
– We can’t even spell it the same way every time
– Combination of multiple disciplines glued together by marketing, myth, culture, and media
– There are few common terms, perspectives, and definitions, even among “experts”
– Even “Expert” is a tricky word….
Cybersecurity is exciting!
Everyone wants in!
That makes it a very noisy, confusing topic with misleading information as well as over- and under-reactions.
14. Cybersecurity Experts (Really)
• System Administrators
• Malware Analysts
• Incident Responders
• Lawyers
• CISOs
• Procurement Officials
• Chairmen of the Senate Whatever Committee
• Heads of the NSA
• Senior Sales Engineers for Security Companies
• Hackers
• Children
• Criminals
• Terrorists
• Journalists
• Developers
• Activists
• Evolutionary Biology PhDs
• Diplomats
• Control Systems Engineers
• Civil Liberties Advocates
• Regulators and Auditors
• Emergency Managers
• Citizens
• Operations Staff
15. And this is why it matters to you…
Clearly, cybersecurity is *never* just an IT issue – you have a role to play
Whether you are IT security or an Emergency manager or a Lawyer:
– You will need to have a basic B.S. filter, at a minimum
– Customers and constituents are going to ask you questions
– There will be physical consequences of “cyber” activities
– You will be in mixed teams
– Legislation will affect you personally and professionally
– The media always wants its next cyber-high
Silence is often worse than poor communication
16. So, what kind of an expert am I?
• Open Source: Development Team: Hackers!
• Commercial Security Company: Data Geek: Fake News!
• INL/ICS-CERT: National Cyber Incident Response: Heh
• TSA: Transportation SSA: Train Communications Wreck
• Non-Profit: Energy Industry: NIST/Class
• Independent: International, Twitter, Here!
17. Why does it matter who we are?
• Grudge Holders: Motivations, Goals, Resources, Partners, Enemies
• Fire Setters: Vulnerabilities, Tools, Infrastructure, Tactics, Employer
• Fire Fighters: Vulnerabilities, Tools, Infrastructure, Tactics, Employer
• Fire Code Writers: Controls, Risks, Standards, Metrics, Maturity, Process
• Fire Code Inspectors: Auditing, Controls, Metrics, Compliance
• Victims: Privacy, Consequence, Compensation, Protection, Law, Emotion
• Asset Owners: Risk, Likelihood, Compliance, Reputation, Cost
• Equipment Vendors: Features, Controls, Reliability, Solutions
• Government: Partnership, Assurance, Protection, Regulation
• Reporters: Are they going to shut down the power grid like in that movie?
Understanding Cybersecurity starts with Perspective
18. But perspective needs contexts…
…or lenses
...otherwise communication can go wildly sideways…
19. First, what is “Communication”?
• The imparting or exchanging of information or news.
• The successful conveying or sharing of ideas and feelings.
• The discipline of communication focuses on how people use messages to generate meanings within and across various contexts, cultures, channels, and media.
• Two-way process of reaching mutual understanding, in which participants not only exchange (encode-decode) information, news, ideas and feelings but also create and share meaning.
In general, communication is a means of connecting people or places.
20. …And how can it go sideways?
What could be wrong here?
They know their perspectives?
21. Communication Failures
• Poorly Formed Message
• Unexpected Message
• Wrong Language
• Fear
• Inundation
• Mismatched Need
• Poor Timing
They both needed to be more aware of the context at the intersection of their perspectives.
Let’s call this context awareness “Lensing”
22. Lensing?
• In language, multiple words can be attached to similar objects.
• These descriptions are labels.
• Labels can be formal, be informal, develop organically, be created for a purpose, describe behavior, describe features, or start out describing features but end up describing categories.
• Cybersecurity, as a label, is a bit of all of this and also contains unlimited labels.
• Lenses, for our purposes, are informal collections of labels and contexts to focus perspectives on common goals.
“Lenses” can be great communication tools
Let’s explore a few Cybersecurity Lenses
23. The Nature of Cybersecurity: A Parasite Lens
3/6/2015 23
25. The Nature of Cybersecurity:
An Attacker Lens
(Source: http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=24d3c229-4f2f-405d-b8db-a3a67f183883 via Lockheed Martin)
3/6/2015 25
26. The Nature of Cybersecurity:
Cybersecurity: A Defender Lens
Source: https://isc.sans.edu/diaryimages/a207889185ca6b4ccbf43d94e017a663
3/6/2015 26
27. The Nature of Cybersecurity:
A Compliance Lens
28. The Nature of Cybersecurity:
A Government & Policy Lens
Prosecute & Convict? Defend? Listen? Convince?
29. The Nature of Cybersecurity: Consequence Lens
30. The Nature of Cybersecurity:
A Scale Lens
31. The Nature of Cybersecurity:
A Bad Metaphor Lens
32. The Nature of Cybersecurity:
A Who Dunnit? Lens
33. The Nature of Cybersecurity:
A Human Lens
34. The Nature of Cybersecurity: A Fear Lens
35. For what it’s worth, what’s my Lens?
• A Secure System is one that does no more or less than we want it to
for the amount of effort and resources we’re willing to invest in it.
• Cybersecurity is the enablement of an environment in which
business objectives are sustainably achievable in the face of the
continuous risk resulting from the use of cyber systems.
• Cyber Risk is the possibility that actors will use our systems as a
means of repurposing our value chains to alter the value produced,
inhibit the value produced, or produce new value in support of their
own value chains.
36. So how do we talk about it?
Pair structured lenses with Perspectives.
…and so on…
37. Essentials of A Structured
Cybersecurity Communication Lens
• Who is communicating?
• What is their unstated origin context?
• What context are they communicating with?
• What perspective are they communicating to?
• What are they asserting explicitly?
• What are they implying?
• What are they not asserting?
38. REMEMBER:
Use BOTH Negative and Positive Space
• When dealing with a topic that is not fully defined, there can
be unacceptable room for content interpretation
• The use of negative space is helpful
– By articulating what is not, we can learn what is
– By articulating what might be and why we believe it is not, we retain
control of dialogue about alternatives
– By articulating what we don’t know, bad assumptions of knowledge
are avoided
– By articulating both positive and negative space, we increase the odds
of the listener receiving the information we think we’re
communicating
This is a crucial communication tactic, especially with Media and
Incident Response
39. Perspective intersections can help illuminate applicable contexts
[Figure: matrix of perspectives. One axis is labeled “Being Talked About”; both axes list the same perspectives: Grudge Holders, Fire Setters, Fire Fighters, Fire Code Writers, Fire Code Inspectors, Victims, Asset Owners, Equipment Vendors, Government, Reporters. Lenses listed in the figure: Parasites, Business, Attack Architecture, Defense Architecture, Compliance & Standards, Government Policy, Consequences, People, Skewed Scale, Broken Metaphor, Attribution, more]
40. Parsing Communication:
Things to Look for (In Positive & Negative Space)
• Perspectives Represented
– Source, Destination, Motivations,
Inhibitors, Constraints
• Directionality Described
– Attack, Protect, Avoid, Recover,
Enable, Present, Educate
• Action Levers Requested
– Technology, Tech Services, Policy,
Law, Education, Money
• “Real World” Context
– Cybersecurity means nothing by
itself
• Consequences & Audiences of
Communication
– Intended, Unintended
• Tactics
– The actual content itself
• Alternative Theories
– ALWAYS provide to recipient,
or to yourself as a receiver, a
valid alternate narrative
• Sources
– Where is their information
coming from?
41. Ask “Lensing” and “Perspective” questions of received information.
Repackage into a structure
Apply Positive and Negative Space
Example: Receiving and Re-Sending Incident & Vulnerability Information
The original information received was in unstructured, but formal paragraph form.
It should also, but does not, discuss confidence and alternate situations
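An added example (not from the presentation) of the repackaging step above: received incident information is placed into a structure, and the structure is checked for missing confidence, negative space and alternate narratives before it is re-sent. The field names, gap messages and sample message are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class IncidentMessage:
    """Structured re-send of a received report (field names are assumptions)."""
    sender: str                                        # who is communicating
    audience: str                                      # perspective communicated to
    asserted: list                                     # positive space
    sources: list = field(default_factory=list)        # where the information came from
    confidence: str = ""                               # "low", "medium" or "high"
    not_asserted: list = field(default_factory=list)   # negative space
    unknowns: list = field(default_factory=list)       # what we do not know
    alternatives: list = field(default_factory=list)   # valid alternate narratives
    action: str = ""                                   # action lever requested

def gaps(msg):
    """Return the lensing questions the message leaves unanswered."""
    checks = [
        (msg.asserted, "nothing asserted explicitly"),
        (msg.sources, "sources not given"),
        (msg.confidence in ("low", "medium", "high"), "confidence not stated"),
        (msg.not_asserted, "negative space empty: say what is NOT being claimed"),
        (msg.unknowns, "unknowns not listed"),
        (msg.alternatives, "no alternate narrative offered"),
        (msg.action, "no action requested of the audience"),
    ]
    return [problem for ok, problem in checks if not ok]

def render(msg):
    """Format the message for re-sending; refuse while gaps remain."""
    missing = gaps(msg)
    if missing:
        raise ValueError("incomplete message: " + "; ".join(missing))
    lines = [f"From: {msg.sender} | To: {msg.audience} | Confidence: {msg.confidence}"]
    for title, items in [("We are asserting:", msg.asserted),
                         ("We are NOT asserting:", msg.not_asserted),
                         ("We do not know:", msg.unknowns),
                         ("Alternate explanations:", msg.alternatives),
                         ("Sources:", msg.sources)]:
        lines += [title] + ["  - " + item for item in items]
    lines.append(f"Requested action: {msg.action}")
    return "\n".join(lines)

# Constructed sample: a report as received, with only positive space filled in.
AS_RECEIVED = IncidentMessage(
    sender="SOC duty analyst", audience="plant operations manager",
    asserted=["Unusual logins were seen on one engineering workstation"],
    sources=["authentication logs"])
```

Calling `gaps(AS_RECEIVED)` lists what the received report leaves unsaid; `render` only produces the outgoing text once every gap has been filled.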
42. Remember
• First Principles Still Apply:
– Cybersecurity isn’t magic and can *mostly* be
managed like any other emergency
– Communication should always be calm, honest,
succinct, factual, and clear
• Clarity, though, in cybersecurity, is difficult right
now, for everyone, so remember:
– Perspective
– Context and Lensing
– Positive & Negative Space
– Structured Communications
43. Media Examples (!!!)
• Uncle Sam Wants 10,000 Cyber Warriors!!!
• NIST (Voluntary) Cybersecurity Framework will be
Mandatory!!!
• Target Security Staff Didn’t look at Security Alerts!!!
• Sony was compromised by North Korea and had
Terrible Security!!!
• Our Energy Grid is Being Attacked Daily!!!
• NSA wants us to give them all our information (Re
Information Sharing Bills)!!!
• The Government is hacking my laptop!!!
• Secret Obama Executive Order Leaked!!!