DeepSec 2023 Talk and Breakout Session: Let’s Prepare for the Unexpected – Erlend Andreas Gjære
What happens when a large group of more or less connected individuals need to deal with a cyber incident, together? In this interactive hands-on session, we will try to experience – first-hand – just how challenging it can be to keep information flowing, make the right decisions and protect our assets while dealing with a simulated crisis.
We asked Erlend a few more questions about his talk and breakout session.
Please tell us the top 5 facts about your talk and workshop.
- This will be an interactive session, and everyone can join!
- We are going to prepare for a cyber incident, together
- People share anonymous inputs via their phones
- Participants also receive individual updates on their phones
- There will be a breakout session afterwards for a deep-dive tabletop
How did you come up with it? Was there something like an initial spark that set your mind on creating this?
A business leader told me about a year ago they were in dire need of help with incident preparedness, and in particular, for the cyber domain. Turns out that many organizations are keen on doing preparedness exercises, but that they fail to do so because tabletops are often too simplistic, or too resource-consuming. So my goal is to lower the threshold for engaging in hands-on practice sessions, supported by the interactive tool which we are all going to use in this session.
Why do you think this is an important topic?
Every organization needs to be prepared for incidents, as they are definitely going to happen. While there is no way to plan 100% for how events will unfold, doing preparedness exercises helps us find gaps in responsibilities, processes and countermeasures. Being part of an engaging exercise also gives people an experience to really remember, which increases the effect of outcomes among participants.
Is there something you want everybody to know – some good advice for our readers maybe?
After the main session on day 1, we are doing a break-out session on the tech track for those interested in a deep-dive scenario with a focus on discussions and experience sharing in groups. While we will use a tool for the exercise itself, the principles for running a successful tabletop are universally applicable to create engagement and good outcomes. Even at security conferences, I have rarely recorded previous experience with preparedness exercises above 50% of the audience, so here is your chance to share and engage with peers.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
The human side of security work will never go out of fashion, yet there is still room for innovation. The tool we are using in the session was developed only after my talk about the need for a human touch in cybersecurity at last year’s DeepSec. Just a few months later, several hundred organizations have now engaged with hands-on preparedness exercises using the tool – and many of them for the very first time.
Erlend Andreas Gjære is a specialist in security and people, with a focus on security awareness, training and culture, risk, behavior, and user experience. He received his MSc degree in Informatics from the Norwegian University of Science and Technology (NTNU) in Norway, and then worked six years as a research scientist before transitioning to industry work as a consultant and security manager. He is now co-founder & CEO of the award-winning security software company Secure Practice.