Fiona Byrnes - Cyber Resilience Thought Leader
Who is today's cyber criminal? What new data can be commoditized, or code weaponized for disruption? These are common security intelligence questions asked in our client conversations.
While these questions are about the preventative tools, testing, analytics, and security methodology, they also have an underlining of psychology. As a behavioral science graduate, I believe both Cybersecurity and Psychology are complementary. While the former deals with mathematical aspect of when, where and how; the latter deals with the logical aspect of why and what.
The cross-over of these two disciplines help enhance our understanding of cyber threats and what’s in it for the cyber criminal. By using tabletop exercises, drills and use case libraries and AI, we alleviate some of the effort and stress for analysts. This also frees our analysts to think laterally, using prefrontal cortex, to focus on logical methods for blocking and mitigating attacks.
Psychology of the cyber adversary also helps us reduce the payload and notoriety for them. By avoiding 'cool' references for malware or attack methods (ie. renaming all malware to a generic reference - malware2020-1) we stem operant behavior. Active threat hunting using MITRE ATT&CK framework allows us to apply known methodologies, correlate quickly, and take the fun out of disruption, particularly for unsophisticated hackers.
I recently addressed a group of STEM students at a University and was fascinated to see many young girls drawn towards Psychology. The Professors at the University were equally excited about how the concept of left vs right brain, and the value of Counter-Terrorism and Criminology can be used as a stepping stone to enter Cybersecurity. It is important that young minds are opened to these concepts, and their learning can be leveraged across many fields in Security.
My future lectures and working with students will continue to introduce this subject and present to them an opportunity to foresee an exciting career in Cybersecurity.
