
Role modelling: women in cyber security


SC Magazine and cyber security writer Kate O’Flaherty’s list, published September 5, of “20 SC Women of Influence in UK Cyber Security 2017” included RISCS director Angela Sasse alongside several other familiar names such as Sadie Creese, director of the Global Cyber Security Capacity Centre at the Oxford Martin School, Information Commissioner Elizabeth Denham, and IISP general manager Amanda Finch. A companion editorial by Naina Bhattacharya notes that only 11% of the cyber security workforce are women. In the US, PwC finds a similar situation: there, the workforce is 14% women.

RISCS is, however, demonstrating what a more diverse workforce might look like: many of the institute’s key researchers are women. Lizzie Coles-Kemp (Royal Holloway), the deputy director, spent many years working as a security practitioner before moving into academia. Others associated with RISCS are applying their work from other disciplines to cyber security. These include Lynne Coventry (Northumbria, psychology and usability), Pam Briggs (Northumbria, applied psychology, identity, and trust), Madeline Carr (Cardiff, international relations and internet governance), Monica Whitty, whose work in psychology quickly led her to study online relationships and mass-market scams and lead the Detecting and Preventing Mass-Marketing Fraud project, and Helen Sharp (Open University), who is combining her expertise in software engineering and coding communities to lead the project Motivating Jenny to write secure software.


This diversity underlies RISCS’ work on projects such as the four linked phase one projects, which led directly to the policy NCSC published earlier this year, People are the Strongest Link, and to the following three key ideas in rethinking how cyber security is implemented:

  • Users are not the enemy, but a key asset in delivering security;
  • Users’ time is a limited and costly resource, so usable and efficient security is essential;
  • Users’ goals, values, and working practices need to be considered, and security should be designed to fit around them.

About Wendy M. Grossman

Freelance writer specializing in computers, freedom, and privacy. For RISCS, I write blog posts and meeting and talk summaries