Today’s guest editor Dr Jessica Barker faces the questions from the real Infosecurity editor Michael Hill.
What is your favorite thing about Infosecurity Magazine?
The breadth and depth of topics covered (oh, and the wonderful team of course!). I love that Infosecurity represents the diversity of issues that we grapple with as an industry, from technical content to articles addressing the human side of cybersecurity, everything from end-points to ethics. Whatever area you are passionate about in this industry, you will find content that is relevant to you. I also like the people focus; Infosecurity doesn’t just cover the issues in the industry, but it also shows us the people that work in it. The approach taken by Infosecurity is very human and very accessible, and as a reader I can tell that the team are genuinely passionate about the same things that I am.
If your job as guest editor of Infosecurity became permanent, what new content stream would you introduce?
I think an Infosecurity magazine podcast would be cool, and very popular.
How do you describe to your (non-industry) friends what your job is all about?
With a Powerpoint of course! Ha, just kidding. Most people ‘get’ what I do very quickly, because the media has really helped us raise awareness of cybersecurity outside the industry over the last couple of years. If I do need to explain, I say that I help people and organizations understand what cybersecurity means to them and what they can do to better-protect themselves.
What makes you really angry about our industry?
I find the negativity disheartening. I get it, we’re dealing with malice and mistakes, and a lot of the time it feels like we’re fighting an uphill battle. However, when I see people attacking others for having bad passwords, clicking on links or for being socially engineered in one way or another I just feel sickened. We’re supposed to be helping people: to paraphrase the NCSC, if we’re not doing this to help people, then why are we doing this? Most people want to do a good job and act in good faith, calling them ‘stupid users’ just alienates them and puts them off engaging in security and asking questions.
What gives you hearts in your eyes?
Seeing people lift one another up, within the security industry or within my client organizations. Seeing people offering mentorship, guidance or speaking out to help another person. Also, it makes my day when we deliver an awareness-raising training session for a client and I hear that people have taken our advice and applied it not just at work, but at home and encouraged those same good behaviors among their friends, parents and kids.
What’s the best conference talk/keynote/seminar you’ve ever attended?
Oh, where to start? The best talks for me are the ones that really engage with the people in the room. Brian Honan gave a presentation on GDPR at the SANS Security Awareness Summit in 2017 and he made GDPR so impactful and emotionally engaging, it was incredible. It was engaging on a personal and professional level, and a lesson in how to take a ‘dry’ subject and make everyone in the room sit up and pay attention. Also in 2017, I saw Jessikka Aro speak about Kremin Trolls, Bots and Propagandists at Topconf in Tallin, which was a really powerful presentation based on her investigative journalism and personal experiences.
What infosec technology could you not live without?
A password manager. I don’t know how I managed without one, and I’m so enthusiastic about them that people always leave my awareness-raising sessions telling me that they’re going to start using one.
What’s your dream infosec job?
I’m doing it. My husband and I are running our own company, completely self-funded and in profit from day one. We’re aligned with where we want to take the company, but as we represent different sides to cybersecurity (he’s the attacker, more focused on technical and physical security, whereas I’m the defender, addressing the human side) we bring different perspectives to the table. We work with genuinely fantastic clients, who all want to have a more positive cybersecurity culture. I get to travel the world and speak to so many people about a topic that I am hugely passionate about, and I influence behaviors for the better, playing a small part in making people around the globe that bit safer.
If you could have founded any information security vendor, which would you choose?
I’m pretty happy with the one I have co-founded ;) but I guess I need to say another, so I think it has to be SANS. I have a huge amount of respect for the quality of work it does and especially for the way it gives back to the community, for example with lots of freely available resources. The Security Awareness team is fantastic, they do so much for the community and Lance Spitzner, the director of SANS Security Awareness, is one of the most engaging, supportive, insightful and enthusiastic people you could hope to meet.
What is the biggest unresolved information security challenge?
That the internet was not designed with security in mind.
What’s your guilty pleasure?
Biting off the ends of a Tunnocks wafer and using it like a straw to drink tea. Well, you did ask!
What’s your favorite Christmas movie?
Edward Scissorhands. I love the film and the soundtrack. If it ever snows at Christmas, we know why.