Presentation is loading. Please wait.

Presentation is loading. Please wait.

The problem with teaching Cyber security

Published byStuart Peters Modified over 9 years ago

Similar presentations

Presentation on theme: "The problem with teaching Cyber security"— Presentation transcript:

1 The problem with teaching Cyber security
Raj Rajagopalan Honeywell Research Oct 7, 2013

2 My Position With a few exceptions, the following groups of people have no clue about the needs of security practice:

3 My Position With a few exceptions, the following groups of people have no clue about the needs of security practice: Academicians

4 My Position With a few exceptions, the following groups of people have no clue about the needs of security practice: Academicians Corporate Researchers

5 My Position With a few exceptions, the following groups of people have no clue about the needs of security practice: Academicians Corporate Researchers Software manufacturers

6 How do I know? Using Anthropology to improve Technology
Charles Leinbach and Ron Sears studied the needs of RV users using anthropological techniques Helped create one of the most popular RV designs of all time Study in progress on Security Incident Response and Forensics using Anthropological techniques1 Grad student “embedded” in the KSU Security Operations Center (SOC) for the past six months Observing and understanding the needs, pressures, and drivers of security analysts What we have learned so far Incident response is as much a people problem as it is a technical problem Product manufacturers do not have basic familiarity in security Even after so many interviews with the analyst some of the knowledge is hard for him to explain It is important to extract this knowledge if researchers want to develop useful forensic tools 1With Xinming Ou, John McHugh, and Mike Wesch. supported by NSF Grant No. CNS with KSU and RedJack, LLC.

7 Anthropology-guided Cybersecurity Research
Social acceptance by the community of practice Apprenticeship Models, Algorithms,Tools Widen the workforce by enabling less skilled people to do the mundane jobs. E.g. K-State SOC has pushed this to NOC. Make best use of the time of skilled labor. Questioning, Reflection, and Reconstruction

8 Golden Observations We need humility and empathy to understand security practitioners. We have to want to learn their perspective. Our theories about real security will necessarily be messy. We have to learn to embrace imperfection in our models. We have to be honest about the mistakes and flaws in our tools. “Field work” is essential to know what the real problems and constraints are.

Download ppt "The problem with teaching Cyber security"

Similar presentations

Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
The Evolutionary Progression of a Windows Forensics Analyst Up from the slime… Field Observations by cyber-sociologists Ed Skoudis and Rob Lee.

The Evolutionary Progression of a Windows Forensics Analyst Up from the slime… Field Observations by cyber-sociologists Ed Skoudis and Rob Lee.
Learning in ECE 156A,B A Brief Summary Li-C. Wang, ECE, UCSB.

Learning in ECE 156A,B A Brief Summary Li-C. Wang, ECE, UCSB.
Ethnographic Fieldwork at a University IT Security Office Xinming (Simon) Ou Kansas State University Joint work with John McHugh, S. Raj Rajagopalan, Sathya.

Ethnographic Fieldwork at a University IT Security Office Xinming (Simon) Ou Kansas State University Joint work with John McHugh, S. Raj Rajagopalan, Sathya.
Teaching Creativity AJ Nafziger. PERSPECTIVES AND DEFINITIONS OF CREATIVITY Merriam-Webster ▫“The ability to make new things or think of new ideas” Mihaley.

Teaching Creativity AJ Nafziger. PERSPECTIVES AND DEFINITIONS OF CREATIVITY Merriam-Webster ▫“The ability to make new things or think of new ideas” Mihaley.
Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
Enterprise search: 2010 & beyond Nick Patience Research Director, Information Management The 451 Group.

Enterprise search: 2010 & beyond Nick Patience Research Director, Information Management The 451 Group.
Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group

Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group
Dr Ian Abrahams Combining randomised control trials with qualitative research approaches: The best of both worlds York 2013 1.

Dr Ian Abrahams Combining randomised control trials with qualitative research approaches: The best of both worlds York
Where did this practice come from? Gerda Sula, M. Ed. Step by Step Center, Albania.

Where did this practice come from? Gerda Sula, M. Ed. Step by Step Center, Albania.
Using Anthropology to study Security Incident Response Raj Rajagopalan Xinming Ou Honeywell Kansas State U FIRST 2014 June 25, 2014.

Using Anthropology to study Security Incident Response Raj Rajagopalan Xinming Ou Honeywell Kansas State U FIRST 2014 June 25, 2014.
Introduction to Software Testing Chapter 9.3 Challenges in Testing Software Test Criteria and the Future of Testing Paul Ammann & Jeff Offutt

Introduction to Software Testing Chapter 9.3 Challenges in Testing Software Test Criteria and the Future of Testing Paul Ammann & Jeff Offutt
S OUTH C AROLINA I NFORMATION E X CHANGE Law Enforcement Information Data Warehouse.

S OUTH C AROLINA I NFORMATION E X CHANGE Law Enforcement Information Data Warehouse.
Reflection (Winograd) A workshop initiated the book. –more workshops ongoing A list of questions:

Reflection (Winograd) A workshop initiated the book. –more workshops ongoing A list of questions:
EMNLP Industry Panel Comments © 2001, David A. Evans, Clairvoyance Corporation 1June 4, 2001 The Rubber and the Road Industrial Perspectives on NLP EMNLP.

EMNLP Industry Panel Comments © 2001, David A. Evans, Clairvoyance Corporation 1June 4, 2001 The Rubber and the Road Industrial Perspectives on NLP EMNLP.
Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.

Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.
MB 802: Managing Organizational Change Course Evaluations 2006 - 2008 Prof. Brad Harrington Boston College.

MB 802: Managing Organizational Change Course Evaluations Prof. Brad Harrington Boston College.
Neural Technology and Fuzzy Systems in Network Security Project Progress Group 2: Omar Ehtisham Anwar 2005-02-0129 Aneela Laeeq 2005-02-0023.

Neural Technology and Fuzzy Systems in Network Security Project Progress Group 2: Omar Ehtisham Anwar Aneela Laeeq
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
Capabilities Briefing

Capabilities Briefing

Similar presentations

Ads by Google