The Human in_security - deception, weapons, crime & culture
Description
About our guest:
Dr. Iain Reid
Senior Lecturer in Cybercrime
University of Portsmouth
https://www.port.ac.uk/about-us/structure-and-governance/our-people/our-staff/iain-reid
Topics discussed in this episode:
- How principles of military deception map onto cybersecurity
- Why the phrase “the human is the weakest link” oversimplifies risk
- What it’s like to research developer perspectives on secure software
- The psychology of decision-making in phishing attacks
- How time pressure influences risky digital behaviour
- The limits of “security culture” as an organizational solution
- How cyber deception fits within defence-in-depth
Papers or resources mentioned:
Reid, I., Okeke-Ramos, A., & Serafin, M. (2024). Exploring the ethics of cyber deception technologies for defensive cyber deception. In P. Bednar, J. Kävrestad, E. Bergström, M. Rajanen, H. V. Hult, A. M. Braccini, A. S. Islind, & F. Zaghloul (Eds.), Proceedings of the 10th International Conference on Socio-Technical Perspectives in Information Systems (STPIS 2024) (pp. 140-148). (CEUR Workshop Proceedings). https://ceur-ws.org/Vol-3857
Whaley, B. (2007). Stratagem: deception and surprise in war. Artech.
Rowe, N. C., & Rrushi, J. (2016). Measuring Deception. In Introduction to Cyberdeception. Springer, Cham. https://doi.org/10.1007/978-3-319-41187-3_11
Ashenden, D., Ollis, G., & Reid, I. (2022, October). Dancing, not Wrestling: Moving from Compliance to Concordance for Secure Software Development. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (pp. 1-9).
Paris Call for Trust and Security in Cyberspace
https://pariscall.international
Other
I would like to thank Dudley the French Bulldog for the invaluable (unavoidable) contribution to this episode.