Humans are the weakest link in security. This is true not just with regard to breaches but also to a wide range of workforce challenges in the security industry. Too often, organizations view human and tech elements separately, but a strong human-technology relationship is essential to stopping adversaries and identifying network threats and weakness. To strengthen security’s weakest link‚ Andrea Limbago explains that the industry must leverage social science to better integrate the intersection of humans and technology.
Focusing first on the human element, Andrea explores the security industry’s struggles with a variety of personnel and communication challenges, including the lack of diversity, the language gap between security teams and CISOs, and the challenge of building a culture of security. Although research exists on structuring inclusive networks, diffusing cultural norms, and creating organizational cohesiveness, for the most part security organizations have little insight into how to structure an inclusive and dynamic workforce that optimizes this intersection.
In addition, while major tech companies—especially global companies—increasingly have teams focused on the geopolitical cyberthreat landscape, it’s just a small step forward in a much larger conversation. Global cyberthreat assessments require persistent situational awareness and comprehension of which nation-state or nonstate groups may target a company, what they may target, and their modus operandi. This also requires an understanding of global policies and regulations that impact censorship, workforce requirements, and even digital trade regulations, such as the Wassenaar Arrangement. As a result, companies need people who can integrate social science and technology and straddle the geopolitical and technical aspects of the cyberthreat landscape.
Finally, given the explosion of data and the personnel and financial constraints of organizations, improved human-computer interaction is becoming a necessity, not a luxury. Yet many organizations struggle with efficiently integrating data scientists into security teams. As quantitative social science has demonstrated for decades, data analytics requires a combination of data science and domain expertise. However, to date, data science experts and security experts have generally worked in different applications, often with very different data, meaning they’re almost speaking two different languages. While unsupervised machine learning lacks domain insights, at the same time security experts lack the intuitive and efficient means to analyze the range of data. These two “sides” need to work together, integrating the domain expertise insights into the models that drive automation. Andrea explains that it’s not enough for these teams to just exist; they need to be developed in such a way as to bridge the perceived gaps, leveraging data science to automate that which computers do best while providing a means for domain experts to shape the models, data visualization, and other analytic requirements. This allows organizations to optimize their investments while providing a common baseline and focal point for domain experts and data scientists.
Andrea Little Limbago is the principal social scientist at Endgame. Andrea brings a background in quantitative social science and direct operational support to advance Endgame’s technical content and data science contributions across a range of markets, including cybersecurity, tech, and national security. She collaborates extensively with the data science and threat intelligence teams, guiding Endgame’s community engagement with industry, academia, think tanks, and tech. Andrea writes extensively on the geopolitics of the cyber domain, data science, and women in cybersecurity and the tech sector. She has previously worked in academia (NYU) and government (Joint Warfare Analysis Center), presenting at numerous conferences, including the American Political Science Association Annual Meeting, International Studies Association Annual Convention, SOCOM’s Global Synchronization Conference, the GEOINT Symposium, and the Military Operations Research Society Annual Symposium. While at JWAC, Andrea received the Reginald Gray Award, the Command’s top award for technical excellence for her analytic support to the Geographic Combatant Commands, Special Operations Command, Strategic Command, and the Joint Staff. Andrea holds a PhD in political science from the University of Colorado at Boulder, where she taught a variety of international relations and foreign policy courses, and a bachelor’s degree in government and romance languages from Bowdoin College.
©2016, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com