Cybersecurity needs more optimism, and focus more on its achievements and lessons learnt.
Delivering the closing keynote The Importance Of Being Ernest And Optimistic at BSides Scotland in Glasgow, Redacted Firm co-founder Dr Jessica Barker said that there is not enough time spent “dwelling on optimism.
“We are dealing with problems all the time and look for problems and where things don’t work,” she added. “I am not saying that everything is going to be fine, but its about how we approach problems and the mindset we have.”
Barker cited research led by neuroscientist Dr Tali Sharot which found that when people imagine mundane things and describe a scenario, people veer towards being optimistic. However, in cybersecurity, there is the issue of how many organizations get breached, and the response is to shout louder and to beat optimism out of teams who have not been hacked.
She cited examples where major healthcare epidemics and global violence are overcome, and whilst cybersecurity is a “tiny part of the way in,” there is evidence to show that society has faced big problems and overcome famine, epidemics, violence – “can we do it with cybersecurity?”
She said: “Why are we not optimistic? We focus on breaking things and it is good to talk about flaws and awareness of issues, but we should focus on our achievements and solutions and where we fixed things and we don’t take stock and focus on the next problem: we focus on what we fixed or improved.”
As a result, Redacted Firm has launched a timeline of milestones for cybersecurity to show successes. Barker said: “we can look to make incremental gains and improve as we go and move in the right direction, and not expect to fix this overnight.”
She encouraged the audience to rethink about smaller goals and making achievements bit by bit, in order to maintain optimism.
“What we can improve is from a culture of failure where we make mistakes and not point the finger and blame the victim,” she argued. “Not having a culture of failure means we learn from our mistakes and acknowledge that we face setbacks and not that the whole world is doomed.”
She concluded with a quote by Bob Covello: “The more important question you can ask yourself every day is: how can I build the credibility that will give my successors the power to continue to grow this meaningful work,” asking how are foundations being laid for the future of cybersecurity and leading the way for the community in the best possible position.