Jason’s experience of RISCS ECR away day…

RISCS held an away day for early career researchers (ECRs) in March 2022. Participants were nominated by our community to bring us together after two years of working remotely. The event aimed to provide a platform for the exchange of ideas and research solutions to sociotechnical cyber security issues.
We asked one of our participants, Jason Dymydiuk from the University of Salford to tell us what he thought about the day…
j_d_riscs

Dr Jason Dymydiuk presenting at the ECR away day.

After years of online events, it felt like a breath of fresh air to be invited down to London for the RISCS ECR away day. I was excited to have the chance to finally meet the RISCS Community face to face!

The event kicked off with some great opportunities to network with other ECRs, the RISCS community and the NCSC, over evening drinks and breakfast. This gave me the chance to meet some fascinating people working across a real spectrum of sociotechnical cyber security issues.

After we had broken the ice with some networking, we ‘got down to business’ with a scenario activity, expertly led by Dr Jason Nurse. In this activity we were tasked with acting as a Computer Incident Response Team (CIRT), planning a response to a ransomware attack at a hospital, like the NHS experience of WannaCry in 2017. We were divided into groups of ECRs from diverse disciplines based on our tables, which were each led by a RISCS Fellow or NCSC lead, based on the seven RISCS themes.

“This gave me the chance to meet some fascinating people working across a real spectrum of sociotechnical cyber security issues.”

Our table worked with Fellow Genevieve Liveley who guided us in approaching the scenario from a futures perspective. Other groups took different approaches. For example, one group considered levels of responsibility with Lee C4, the NCSC lead for RISCS Digital Responsibility Theme. They focused on staff ‘on the ground’, patients and hospital leadership. Another group looked at ‘quantification’ with Fellow Anna Cartwright. This group considered issues around prioritization, for example asking which patients need to be assisted first, and crunching the data on the ‘to pay or not to pay’ question.

Our group applied the “PESTLE” framework as a futures tool to help us think about what could happen in response to the attack in six different areas: political, economic, social, technological, legal and environmental. The framework really prompted us to integrate long-term thinking into our reactive decision-making process.  This helped us to develop a well-rounded plan of action, no matter the outcome of the ransom payment decision.

“I had some insightful conversations with my colleagues helping me to ‘myth-bust’ academia.”

PESTLE highlighted to me just how critical effective communication is when responding to an attack, whether that be for receiving information or disseminating decisions. Overall, this activity really highlighted the diversity of disciplinary expertise around the room, generating some truly creative responses.

Following the scenario activity and a bite to eat we started the afternoon with some eye-opening insights on how to engage public institutes and bodies with our research. This took us down various potential routes, showing how we could work with government officials, build a relationship with government, and bridge the disconnect between research and policy – a challenging task for established researchers, let alone those trying to develop a foothold in their discipline!

“A key takeaway for me was leaving with a sense of community.”

I had some insightful conversations with my colleagues helping me to ‘myth-bust’ academia, highlighting some of the opportunities available in our expanding field. This demonstrated that paths are not always clear in academia, nor are they pigeonholed purely to the public or private sector. These discussions were great at helping sooth some of my early career anxieties when there is so much uncertainty and precarity at this stage, not to mention in the current environment.

A key takeaway for me was leaving with a sense of community. The sociotechnical side of cyber security can often feel quite isolating given it is an emerging field. So it was great to meet and learn from such a diverse and friendly range of people working in this exciting area!

 

This was written by Dr Jason Dymydiuk who is a part-time lecturer in Intelligence, Security, and Terrorism at the University of Salford. He is also a Research Assistant for RISCS Leadership and Culture Theme led by Fellow Dr Ruth Massie.

 If you are an Early Career Researcher working in sociotechnical cyber security, we encourage you to sign up to our newsletter and follow us on Twitter to be kept up to date with our future events and opportunities.