11:00AM – Arrive in Bournemouth
Be amazed by the beauty of such an intricate and classic-looking train station. Is this Dorset’s answer to Kings Cross? Contemplate taking up Trainspotting as a hobby.
Fire-up Google Maps to locate a place for a quick bite to eat…
12:00PM – Stumble across Space NK
One week prior: vow to go on a spending ban on cosmetics. Tut at the amount of unused products accumulated from the past three months. Shun yourself from your local makeup counters. Inundate yourself with reminders to rotate your collection, delete your shopping list, do anything to not succumb to temptation.
Present day: succumb to temptation.
Stare longingly at the delicately gift-wrapped Space NK bag as you search for a cafe. Attempt to convince yourself it was only because you have never visited a branch beforehand, nor a NARS Cosmetics counter. It was a mere moment of excitement. The sheer rush of euphoria as you strolled through the shop floor sampling the Aesop handcreams and swatching the NARS Cosmetics Audacious lipsticks.
Furthermore, try to persuade yourself it was because you got lost trying to find the cafe you had bookmarked on Google Maps the night before, only for your trusty navigational app to lead you to the Bournemouth Arcade mall. The heart wants what it wants, the GPS leads to where it leads.
12:13PM – Have a feast at Espresso Kitchen
Walk past the designated coffee shop you had spent the better half of the morning trying to find, not once, not twice, but a grand total of three times. Be a few seconds away from admitting total defeat. Scowl at Google Maps for committing such treachery. Walk to the traffic lights to cross the street so you can head into Cafe Nero. Look both ways. Look to the right, road is clear. Look to the left, road is clear. HANG ON A MINUTE, IS THAT THE COFFEE SHOP I SEE?!
beep beep beep
It’s the green man. Your signal to go. The beacon of road safety. Vehicles approach the traffic lights and stop. You have too much pride and are far too polite to simply walk away from the lights. You cannot instigate the road-rage from within these drivers. Save face and cross the street.
Look around you, make sure no one is watching and walk around the street to get back to the coffee shop.
Tuck yourself into a cosy space on the bench of the coffee shop and examine your surroundings. Spend much of your visit admiring the whimsical decor of Espresso Kitchen. Behind you is the wall adorned with comic strips and newspaper clippings; in front of you is the counter, covered in foreign notes from countries far and fair in-between. A unique way to wallpaper the space and give it its own uniform.
Treat yourself to a feast of sweet vegan bites, a toasted mozzarella pesto sandwich, and, of course, a gorgeous stimulating flat-white made from the most flavoursome coffee beans. Savour the taste of it all. Sit satisfied like a King from the 17th Century.
12:43PM – Make your journey to Bournemouth University
Sheepishly forgive Google Maps and blame yourself for making such a mistake. Rely on it yet again to navigate you to your next destination: Bournemouth University.
Cut through the park and swiftly cherish the surroundings and beauty of nature encapsulated by the busy city it is surrounded by. It even has a little stream running through it!
Weave in and out of streets adorned with art composed by mysterious individuals of the city. So much talent brushed across the walls and viewed by hundreds each day.
1:13PM – Arrive at Bournemouth University for their Psychology of Cyber Security conference
October was Cyber Security Month, so I decided to take advantage of the month to consolidate my knowledge around one of my main interests of research: Cyber Security! I grew up around this area of discipline and my interest manifested as the years went on. When social sciences start integrating with computer science? I am all over it. I stumbled upon an advertisement of this event whilst scrolling through social media and knew I simply had to snap up a ticket in an instant! The talks were delivered by an array of professors and academics from across Bournemouth, Portsmouth and even Japan! It was an enjoyable afternoon and I walked away with so much more knowledge around this area of Cyber Security.
Talk #1: Social Loafing. Why Good People Breach Security and What to Do about It? by Professor Debi Ashenden, University of Portsmouth
Professor Ashenden commenced her presentation by defining what social loafing was and how individuals in society can be categorised under any of three groups by linking them with day-to-day activities:
- Social Loafing: “no one will notice if I do this”
- Free Rides: “my contribution doesn’t make any difference”
- Sucker: “why should I comply when others aren’t?”
It was emphasised that there could be a high risk of conflation between what is found in studies and what is witnessed in modern society. “What works in a lab sometimes doesn’t work in the real world.” (Tulman, 2016).
Possible interventions that can help were identified as the following:
- Continuous integration through DevOps
- Feedback and Identifiability
- Group Cohesiveness (it was found there was a correlation between the decrease of social loafing when there was an increase of this strategy)
- Belief that contribution can help
A prevalent cause of social loafing was “the greater the reward for compliance, the more ‘naughty’ it can feel to not comply.”
Often, many sectors of the technology industry feel rather apprehensive when it comes to cyber security. Many questions buzz because where does one start? It’s such a dynamic area but how can we utilise this to protect our assets? Professor Ashenden investigated how to close the gap between the business and security by interviewing software developers. One of the findings was:
“You are like a rock in a stream – we flow around you.”
This implies software developers, often regarded as highly creative individuals in the technology industry, may fear that security closing in on them could erode the freedom of their work and creativity.
Professor Ashenden emphasised the importance of communication as a means to counteract this fear many could have. It is very important to have dialogue between the software development teams and security practitioners. Co-location was another favoured solution as it could encourage both teams to sit together and articulate their concerns in a safe and familiar environment.
Talk #2: Awareness in Risk Based Decision Making by Andrew M’manga, Bournemouth University
Andrew M’manga began his talk by defining what can constitute risk-based decision making:
“An endeavour to make an informed decision on the base of risk and uncertainty.”
It was identified there were two categories of risks which could be linked to real-world scenarios for more perspective:
- Objective risk.
  - This could be defined as taking out insurance.
  - You are more familiar with these circumstances and can assess your cost/benefit based on the odds given.
  - It is sufficient information for you to make an informed decision.
- Perceived risk.
  - Gambling could be a corresponding example.
  - You are not familiar with your circumstances, regardless how often you may participate in the activity.
  - Every session can be different, so you might not be able to make a plentiful cost/benefit analysis.
  - It is not enough information for you to make an informed decision. You have that underlying feeling of uncertainty.
To counteract such risks, the solutions identified were:
- Rational – weigh pros and cons of the situation.
- Neutralistic – go with your instinct.
However, we are all human and we are prone to making mistakes. It’s in our cognitive nature! This was illustrated using the Elephant Ladder of Inference. The limitations pinpointed were the following:
- Mental models: what you see and know.
- Heuristics: how you perceive.
- Biases: one perception fits all.
Talk #3: Hackers Gonna Hack: But do they Know Why? by Helen Thackray, Bournemouth University
“All human behaviour is influenced by the presence of others; real or imagined.”
Helen Thackray emphasised the sociological perspective of hackers by introducing the concept of social identity. Groups are an important source of pride and self-esteem. They help members find common ground with one another.
Ask anyone what can be defined as a hacker and you can bet your best hat you will get different answers from every person. For Helen’s investigation, hackers were defined as:
- No imagined community.
- No physical location.
- Psychological drive for consensus at any cost.
As such, hackers can fall under different categories of influence:
- Informative Influence.
  - Base judgement on others’ actions but still use your own instinct.
  - e.g. crossing the road – seeing others step out, assume they know enough to do so. May use own judgement and debunk others.
- Normative influence.
  - Pressure to conform to the norms of others.
  - e.g. trolls in forums – less likely to troll frequently in order to remain on the forum.
  - Requires individual to relinquish control.
- Group membership is a strong predictor of trusting behaviour.
- “Do not trust people on the internet!!!” … but to what extent?
Talk #4: Crime Offender Profiling Using Machine Learning by Dr Edward Apeh, Bournemouth University
Forensics, machine learning and cyber security: a wonderful and beautiful trio.
Dr Apeh began his talk by explaining how an individual from this discipline can generate a profile of a crime offender to supplement the machine learning process:
- Details of crime history
- Building profile using probable features
- Constructing persona
- Martial Background
Machine learning overall can be segmented into various sectors to manipulate data and extract the relevant information. It can be categorised under the following:
- Supervised Learning.
  - Naive Bayes.
  - Nearest Neighbour.
  - Ensemble Methods.
  - Decision Trees.
  - Neural Networks.
- Unsupervised Learning.
  - Hidden Markov Model.
Talk #5: Ethical ethical Hacking? Ethical Dilemmas and Dimensions in Penetration Testing by Dr Shamal Faily, Bournemouth University
Ethics are everywhere. Ethics define what is right and wrong in society. Ethics are fundamental in day-to-day life and activities.
Ethics in ethical hacking, also known as penetration testing, is one to sit down and think about.
Dr Faily exclaimed that ethics forces practitioners to think about consequences. “Ethics is the study of morality.” (Tavani, 2006).
Personas of penetration testers can be put under two categories:
- Legal based.
- Information management.
- “Common sense is not so common” – obvious characteristics but may fail to decipher it.
Fallacies and biases in ethical hacking from an ethics perspective were identified as:
- Junior may not approve of ambiguity.
- Fundamental Attribution Bias
- “Just needed some credentials to forward on … didn’t need to feedback.”
Talk #6: Intelligence Security Dimensions and Cyber Hunting by Dr Christopher Richardson, Bournemouth University
Dr Richardson emphasised the importance of involving oneself in cyber operations as much as possible in day-to-day life. He stated everyone needs to be a cyber practitioner, as legislation coming in May 2018 has the potential to affect us all.
The biggest threat to security was discovered to be language. Pragmatics was the issue in the cyber world. Due to this, society could be in two states:
- They’ve been hacked.
- They’re about to be hacked.
A practitioner’s view was that many people fail to understand the great implications of poor security management. Threats can spread at a rapid pace and affect many. Businesses, whether SMEs or large corps, are prone to phishing scams; so no one really is safe.
At the end of the talk, Dr Richardson had welcomed the audience to ask any questions. His answer to “why do most individuals adopt the ‘ostrich in sand’ mentality when it comes to cyber security?” has resonated with me ever since the conference:
“Put ‘cyber’ in front of it and it sounds complex. It’s actually information. It is information security and knowledge management. Cyber is the architecture of it!”
Talk #7: Eye Tracking and Cyber Security by Dr Daisuke Miyamoto, Nara Institute of Science and Technology, Japan
Dr Miyamoto introduced his talk by using a gaze tracker to illustrate the hazards of phishing scams and how easy it can be for an individual to fall into the trap.
Supporting anti-phishing techniques to mitigate such risks were:
- Educating one another about phishing attacks and how to identify them independently.
- Raising awareness.
From a recent phishing study conducted, it was found the eye movement in 80% of cases revealed whether or not the user would be a victim. With this in mind, accessibility issues can hinder anti-phishing techniques. Thus, it is imperative UI/UX features are thoroughly considered during strategic planning. For instance, a user may suffer from visual impairment. A screen reader may help but not all browsers offer it. Therefore, encouraging alternative solutions and multi-sensory techniques may decrease the likelihood of impaired users feeling disenfranchised and increase the probability of protecting oneself from phishing.
5:00PM – Hometime
Bid adieu to Bournemouth. Stroll through the city and take in the atmosphere for one more time before the bitter cold air gently ushers you to the train station. Vow to return during the summer for another visit – this time much longer than six hours.