How to Think Well in Cybersecurity Under Adverse Circumstances
Price: $139 per person ($39 per student)
Other: A light lunch will be provided
Speaker bio:
Dr Hinne Hettema is a world-renowned practitioner in cybersecurity operations, focusing especially on enabling security capabilities through detection engineering, security monitoring, threat intelligence, incident response, operational technology, and malware research. He works in New Zealand in security operations and the establishment of cybersecurity defensive capabilities in various organisations. He is an Adjunct Senior Fellow at the University of Queensland, researching cybersecurity operations, the security of operational technology, and the philosophy of cybersecurity. He studied theoretical chemistry and philosophy. He is a liaison member of First.
The one-day workshop content includes:
This workshop focuses on how we can think well under adversary circumstances.
In this workshop, we’ll address some key topics that cyber operational teams face each day:
- How to determine what is true in incident response
- How the nature of what is true may change during an investigation in a process of revision
- How can teams best handle the constraints on their behaviour
- Thinking under conditions of uncertainty
- Devising and executing security strategy
We are used to thinking that all of the above is solved with a combination of process, best practice, and frameworks. While not strictly speaking false, there is more to worry about once circumstances turn adversarial, for instance during an attack. This workshop will focus on some of the additional context of best practices, processes and frameworks that we need to understand to apply them well. It will also introduce new elements into the mix, based on some of the methods developed to evaluate scientific data.
We'll draw on a number of traditions, especially philosophy of science and systems thinking.
Philosophers of science have long considered the creation, operation and nature of epistemic structures – scientific theories – that need to be true to be valuable. They have done so by focusing on how we develop and test explanations and theories. Another focus is the features good explanations have in comparison to poor or erroneous explanations.
In addition, we’ll use some ideas from systems thinking that will allow us to map out our current situation and its likely evolution in times of uncertainty allowing us to act in the environment we find ourselves in. The focus of action entails that we act on information, which is true, operate within the boundaries set by constraints, and operate in a way that is most effective.
The approach focuses on the principles that govern incident response, and how they can regulate our behaviour even when the endpoint of our interventions isn’t clearly in scope. We'll also use these methods to discuss developing security strategy and strategy execution.
Please note you will receive a certificate of participation upon completion of the workshop.