Security Challenges - An Introduction

View the original Working Session content


The outcome was a list of characteristics that describe the cyber security industry and the problems within it. This was sourced from everyone in attendance.

Synopsis and Takeaways

The list of characteristics is below:

  • Adversarial
  • Arrogant - Security knows best
  • Asymmetric between us and adversary
  • Auditors as adversaries
  • Auto-didacts - self-taught
  • Blame culture
  • Breach fatigue
  • Built-in feature
  • Career paths undefined
  • Constant Evolution (speed)
  • Direct opponent to progress of other business areas
  • Eternal, the game doesn’t end
  • Expert-driven, technical experts
  • Failure seen as normal
  • Fear-motivated
  • Fragmented ( many different types of role? )
  • Hoodie, public perception is incorrect
  • Idiolect - it’s own language and jargon
  • Idiots – Ignorance, unreceptive
  • Imposter syndrome
  • Inter-dependency
  • Lack of comparative data to judge who is winning or losing
  • Lack of diversity in participants
  • Lack of immediate reward / results for effort
  • Lack of knowledge
  • Media presence, in the public eye
  • Mystical (it’s not when learnt or explained)
  • No initiates or apprentices
  • Optimisation Game
  • Political
  • Poor P.R.
  • Reactive - response to attacks
  • Secret club, barriers to entry
  • Transparent Success, no obvious indicators
  • Ubiquitous - affects all
  • Untouchable adversaries aka “APT bullshit”

Identified Questions

  • What do we do with this list?
  • How can we make this list useful?

Important Conclusions

  • There are many characteristics to the industry, especially when it is vaguely defined with the aim of encouraging brainstorming.
  • There is a much greater interest in this analogical approach than the organiser originally expected.
  • Expecting to define characteristics in a single word or phrase was overly optimistic. I suggest we work with what we have for now, but this approach should be modified in future.

Working Materials

A list was made on the available A3 sheets as work progressed, including the following:



Additional/External References


Session organiser(s)

Nick Drage Nick Drage


Ben Schofield Ben Schofield , Chris Dobson Chris Dobson , Dinis Cruz Dinis Cruz , Florian Buetow Florian Buetow , Lauren Chiesa Lauren Chiesa , Mario Platt Mario Platt , Mike McCamon Mike McCamon , Tom Ling Tom Ling

Attached materials: