A Day in the Life of a Sociotechnical Researcher in the NCSC…

by Lee C4

Lee C4 is a researcher in the National Cyber Security Centre (NCSC) working in the Sociotechnical Security Group (StSG). He is the NCSC theme lead for Digital Responsibility and co-theme lead for Cyber Risk Quantification at RISCS.

As I travelled home following the recent RISCS Early Career Researcher Away Day, I reflected on a few things from the event. How exciting it was to meet such a diverse range of early career researchers interested in sociotechnical perspectives on cyber security. How much value I had gotten from hearing academics from different disciplines give new perspectives on the RISCS fellowships I have had the chance to be involved in. How much I had enjoyed the chance to meet in person the people I have worked with virtually over the last two years of the RISCS fellowships.

Something else I reflected on was my rushed answer when the following question caught me off guard during the NCSC panel event: “What does a typical day working in the StSG look like?”. My answer was something like:

“Oh… Umm… I don’t know. There isn’t a typical day really. I guess that’s part of the appeal of the job for me is that you never really have two days the same”

Now, as much as it sounds like a stock answer, I do stand by this. There is a lot of variety and that is a large part of why I enjoy my role. However, I do appreciate the answer isn’t overly informative. So with that in mind, I’ve attempted to provide a better answer below by outlining a day of mine in the week following the event.

I start my day by checking my emails for anything I need to action. I’ve been asked to review a proposed approach to communicating risk in a NCSC service under development to make sure we are practicing what we preach. I have a look and provide some feedback. Similar requests might include reviewing or authoring guidance, conducting internal research, or contributing to a delivery project as a subject matter expert. What form the work takes will depend on the specific sociotechnical topic and will always be driven by customer needs.

I have a catch up this morning with an industry 100 secondee who is carrying out a research task for the StSG alongside their work with other areas of the NCSC as an i100 secondee. They are looking at the relationship between bureaucracy, risk, and digital inclusion, a piece of work that overlaps significantly with our interests from the RISCS Digital Responsibility Fellowship. We have a couple of secondees on the industry 100 programme working with the StSG on a range of projects including improving reporting through the use of human-as-a-sensor, and quantitative risk assessment approaches for cyber security. Each secondee brings their industry experience and perspective to our work and the two way knowledge exchange that this program facilitates is hugely valuable.

“Depending on who you work with in the StSG, you could find people working on sociology, culture, risk, sociotechnical futures, economics and incentives, or communication and usability.”

Next, I spend some time catching up on some reading. Part of my role is to stay up to date with the sociotechnical cyber security landscape. I find the newsletters that organisations like RISCS, SPRITE+, CREST, and others provide are a useful source of relevant work in sociotechnical security which help me keep on top of recent developments.

I have a StSG team meeting just after lunch. No single person in the team can possibly tackle the whole sociotechnical cyber security landscape. Depending on who you work with in the StSG, you could find people working on sociology, culture, risk, sociotechnical futures, economics and incentives, or communication and usability. This meeting gives me a chance to hear more about work from across the team and make connections with my own work.

I then have a catch up with a colleague from one of the NCSC resilience teams. Our resilience teams, who work with a particular sector of the UK, are an essential part of pulling the research work of my team and wider technological work of the NCSC through into practice. They also provide a vital feedback loop for where our advice isn’t working in practice for people. Sometimes colleagues from resilience teams will reach out with queries or other times we will reach out with research we want to test out in practice with their sector. Today we’re meeting to discuss priorities for work into accessible and inclusive cyber security for the public over the upcoming financial year and identify opportunities for research to contribute to and inform their work.

I receive an email containing a draft report from an external research project we commissioned looking at cyber security for low literacy adults. I plan some time to go through it to provide some first impressions. This project provides an example of how the thought leadership that our fellows do, informs our work and our research priorities. In this case, the project was identified through a combination of the research landscaping work done within the RISCS digital responsibility fellowship and customer needs identified through our resilience teams.

As the day draws to a close, I catch up on some more emails and do some final preparation for a call tomorrow where I’ll be presenting some of our cyber risk quantification research and ambitions for future work with wider Government colleagues who are tackling similar problems.

“The only real constants are a need to communicate research effectively to the appropriate audience of the day, and that any given day in my case will involve a lot of coffee.”

That brings to an end my day as a sociotechnical researcher. As I mentioned in the beginning of this blog, no two days are exactly the same and I have the privilege to work on a broad cross section of research areas and potential applications of sociotechnical cyber security. The only real constants are a need to communicate research effectively to the appropriate audience of the day, and that any given day in my case will involve a lot of coffee. I do hope this blog has been more insightful as a response than my original attempt at the early career researcher event, I’ll make sure I prep a better answer for next time!

 If you are an Early Career Researcher working in sociotechnical cyber security, we encourage you to sign up to our newsletter and follow us on Twitter to be kept up to date with our events/opportunities.