Every four years, the Computing Research Association publishes a set of Quadrenial papers that “explore areas and issues around computing research with potential to address national priorities. The white papers attempt to portray a comprehensive picture of the computing research field detailing potential research directions, challenges, and recommendations.” I’m pleased to have helped draft one of these, Lessons for Cybersecurity from the American Public Health System:

The United States needs national institutions and frameworks to systematically collect cybersecurity data, measure outcomes, and coordinate responses across government and private sectors, similar to how public health systems track and address disease outbreaks.

I’m excited that this is available because we worked with CRA to craft an accessible, understandable message, and it’s a nice length (roughly 2 core pages, plus a few pages of recommendations). We’ve heard that people want that accessible intro, and I encourage you to read it!

I’m grateful to my coauthors: @ljean, Yi Ting Chua, @dykstra, Brian LaMacchia and Daniel Lopresti.

https://cra.org/wp-content/uploads/2025/01/2024-2025-CRA-Quad-Paper_-Lessons-for-Cybersecurity-from-the-American-Public-Health-System.pdf

“Faerie Dust Can Make Old Ideas Magically Revolutionary.”(pg. 22)

#MythAmerica

Click here to purchase:
https://bit.ly/CyberMythsBook

@spaf @dykstra @theladyofgeek

#CybersecurityMythsAndMisconconceptions
#FaerieDust #Magical #MagicalImprovement

I will be speaking at the @firstdotorg conference in Montreal on Monday, right after @hacks4pancakes gives the keynote talk.

If you're at the conference, say hello (I'm only there one day). If you have a copy of Cybersecurity Myths and Misconceptions and want it signed, bring it with you.

I'd stay longer but the @ACM Council meeting and awards banquet are Friday/Saturday in San Francisco, and I need to stop at home before heading out there.

#FIRST #ACM #Cybermyths

back at it again with my co-conspirator @dykstra, this time with a paper about the vital need to consider opportunity cost in #cybersecurity decision making https://queue.acm.org/detail.cfm?id=3588041

It has everything: econ vibes, an elaborate table, a new decision heuristic, a killer case study, and so much more.

Our goal is to drive more effective decision making in #infosec because o boi does the industry need help.

The new cybersecurity book that proves that everything we know is WRONG! @spaf @dykstra and Leigh Metcalf give us what-for and it’s highly entertaining.

https://smile.amazon.com/Cybersecurity-Myths-Misconceptions-Avoiding-Pitfalls/dp/0137929234/

How can we waste attackers’ time, attention, and money? Can we inflict psychological damage on them? In essence, can we f*** with them for better resilience outcomes?

Yes we can! Our new paper — led by @dykstra with other fine folks — answers these questions, introducing the concept of “sludge” against attackers for systems resilience: https://arxiv.org/pdf/2211.16626.pdf