With a behavioural science background, it is perhaps no surprise the responsibility for summarising the interactions at yesterday’s Cyber Workforce Summit has fallen to me.
In addition, being a non-technical person provided a useful degree of distance to help spot any trends emerging from a day of panels and high-level discussions with cybersecurity leaders about the role of human capabilities in modern cyber resilience.
There was one central theme everything kept returning to time and again: the growing importance of the entire workforce in cyber resilience.
This was wrapped up in a variety of different guises - from discussions around the need for a culture of security in everything from Executive to Development teams - to a realisation of the variety of skills needed as we navigated a crisis exercise packed with wicked problems.
Increasingly, cyber resilience is not something an organisation can achieve solely by stacking technical countermeasures. It requires understanding and maintaining a fine balance of people, process and technology, all while being skewered by attackers.
Achieving this means busting some myths - the predominant one being that cybersecurity is solely the preserve of technical specialists operating in a silo.
Today’s pervasive threat can only be addressed by breathing knowledge, skills and judgement across the entire workforce, capabilities which must remain adaptable to the threat.
In many ways, the summit itself served not as a lightbulb moment; cybersecurity leaders have for some time understood the value of human capabilities, instead it served as a way of maturing this conversation.
For too long, the predominant narrative has focussed on the risk presented by the workforce, instead, it is time to focus on the possibility. We must also do this at scale because, while we must start with individuals, the collective potential impact could be huge.
Learn more on how your team manages a cyber crisis!
Rebecca McKeown
Director of Human Sciences