DefCamp #11: Max Kilger Ph.D. on the need to “always look for the unexpected”

The more time you spend in the infosec industry, the clearer you can see that, as Daria-Romana Pop said in a recent interview, “the human element goes beyond cybersecurity.”

Industry veterans everywhere focus our attention on the intersection between people and technology for a good reason: because that’s where things get really complicated and nuanced. That’s why Bruce Schneier’s iconic statement – “Security is a process, not a product.” – holds true to this day, 20+ years after he first wrote it.

Focus our attention on the intersection between people and technology

Moving from a limited, formulaic, and sometimes cliché-ridden understanding of cybersecurity to a comprehensive view is fundamental to the advancement of our society.

Max Kilger Ph.D., Associate Professor and Director of the Masters in Data Analytics Program at The University of Texas Health Science Center at San Antonio, generously shared his insights with us, highlighting how he wishes “the role of people in the infosec threat environment” would be a topic that more people in the industry talk about more frequently.

“I don’t mean the traditional training and learning that goes on in teaching users best practices for protecting themselves – that of course is important.

Rather, I am referring to helping build a better, more comprehensive understanding of the relationships between people and digital technology to help develop future threat scenarios so that policy makers and information security organizations can be better prepared for what is coming in the near future.”

We cannot foresee what we can’t imagine. And we can’t imagine and plan for a future situation unless we understand it.

Unfortunately, correct comprehension of fundamental information security concepts is not yet prevalent, not even among decision-makers tasked with allocating the resources for it. So it takes each of us to contribute to the spreading of correct information rooted in a nuanced knowledge of the context.

And nowhere is this more important than in conflict and warfare that include a substantial cyber component. We’ve seen this in the recently discovered SolarWinds compromise and many times during the last decade, with increased intensity over the last few years.

Infosec has a massive impact in shaping the future of our societies

The crucial impact of infosec in shaping the future of our societies is why Max Kilger Ph.D. applies his extensive knowledge of both cybersecurity and behavioral science to do essential work focused on:

“Examining the synergies of kinetic and cyber components of hybrid warfare and helping to develop a better understanding of how these elements affect the nature of nation state conflict, including the role of non-nation state actors in these events from a national security perspective.”

If you’re interested in expanding your knowledge of the geopolitics of cyber warfare, our recent interview with Chris Kubecka, Distinguished Chair at the Middle East Institute Cyber Program at the Middle East Institute (MEI), makes for an insightful read.

One of the best advancements in cybersecurity over the last few years

Because we operate in a space that’s always focused on counteracting malicious activities, the mood can get pretty gloomy. For a change of pace, let’s look at some positive aspects, such as what our interviewee considers to be one of the best advancements in cybersecurity over the last few years.

“The emergence of threat hunting I think is one of the better things to evolve out of the information security field in recent times.

I would like to see more cooperation among organizations working in this area to perhaps develop some collaborative, distributed platforms to share the raw data as well as analytics that are developed among trusted partners.”

We remember when threat hunting was a bit of an exotic topic at DefCamp conferences from previous years. We watched it slowly but surely garner more interest, making it one of the most attractive – and challenging – areas in infosec right now.

So if you were to build towards a career in threat hunting or focus on any other particular infosec area, what do you need to do?

Here is sage advice from our esteemed guest, Max Kilger Ph.D.:

“Always look for the unexpected. The nature of the relationships between people and digital technology can emphasize this particular threat characteristic.

As you plan and develop workflows and tools, always keep in mind future synergies and opportunities to fuse the data as well as the results of your analytics. Keep in mind open data architectures so that you can share your information among trusted organizations.

Be wary of slapping physical analogies onto cyber phenomena. While analogies are important ways to build your understanding of a not well known phenomenon, resist the temptation to wholesale apply these physical analogies to cyber situations – be selective in what elements of the physical analogy can safely make the transition to the cyber domain.”

And speaking of using experience and conclusions from one sphere of our lives and applying them to a different one, 2020 has been a true year of reckoning.

“The inconsistent and often ineffective response of national, regional and local governments to the pandemic has taught us some serious lessons. These lessons can carry over into the field of information security.

Having a game plan for serious incidents should be one of the major lessons learned here.

The pandemic should also teach us that human beings don’t always rationally follow plans or procedures and efforts have to be made to shape behaviors such that more compliance among users, organizations and nation states can be facilitated and encouraged.”

As our guest today, Max Kilger Ph.D., highlights, information security is an industry of great challenges, but also great determination and fortitude. We’ve seen it time and again in the persistence and commitment of millions of specialists around the world who put their best foot forward this year to keep organizations functional and as safe as possible.

So as you plan for the year ahead (or maybe just think about it in broad terms), re-read this interview and explore your options to find focus, clarity, and the resilience to develop your infosec career.

3 key takeaways to build on:

  1. “A better, more comprehensive understanding of the relationships between people and digital technology” is essential for designing better policies both at organization level and at government level.
  2. “More cooperation among organizations” working in threat hunting can elevate the entire industry and have positive effects far beyond it.
  3. “Always look for the unexpected” when doing your work, building your career, and generally treading along in the industry.
