Q&A: Dr Jason Nurse

Dr Jason R.C. Nurse is an academic specializing in socio-technical cybersecurity research to support individuals, organizations and governments. Jason is a regular keynote and public speaker, and publishes extensively on current and future issues facing the security field. When he’s not trying to solve intriguing security problems in his role as lecturer (assistant professor) in cybersecurity Jason enjoys traveling the world.

What was your route into the information security field? 
My path into the security field was primarily driven by the desire to understand how technology can better support society, while also not exposing us to excessive amounts of additional cyber-risk. This focus on developing an in-depth appreciation of cutting-edge problems, as well as appropriate socio-technical solutions was the primary motivator for my academic career. This career has involved roles at the universities of Oxford, Warwick and now, Kent. I thoroughly enjoy the ability to explore new challenges in infosec, and it’s certainly a field that never gets dull!

What’s the most challenging aspect of your job?
Information security and cybersecurity are now more encompassing than ever. In this world of cyber-physical systems where we use such a diverse set of technologies in our lives and at work, the attack surface is enormous. This means that all stakeholders involved (from the heads of organizations to those who design or implement policy) need to appreciate this, instead of viewing technology as the only solution to security issues, or people/users as the problem. As an industry, we have become better at this over the years, but the human aspects of security and privacy often do not get the attention they deserve. This can therefore be a challenge when pushing for solutions that appreciate the socio-technical nature of infosec. With time, I hope we can get there.

If you could change one thing about the infosec industry, what would it be?
I strongly believe that the industry does a great job of protecting people against the wide range of threats that we’re experiencing today. One activity we could always get better at, however, is being more proactive. This is both in terms of pre-empting and mitigating threats, and addressing issues in emerging forms of technology, be it artificial intelligence, IoT or quantum computing. Cybercrime and cyber-attacks aren’t going away anytime soon, so we need to get better at how we plan, protect, respond and recover.

Do you think awareness of security risks is better now than it ever has been?
Yes, definitely, and this is very encouraging to see. Where things get challenging though is that as new technologies and systems emerge, we have to keep up with the risks and invest in programs to increase awareness. Just as security is an ongoing activity, so too is the need to communicate the risks, raise awareness, educate and equip individuals and organizations with the tools they need to protect themselves. This is a key component of my research. 

If you did not work in information security, what would your dream job be? 
I have a passion for the field of human-computer interaction, and thinking about how to design and build new forms of interfaces and technologies. As our world moves more towards smart societies, smart homes and automated environments, I find this to be an increasingly fascinating area with immense amounts of opportunity to innovate. So, I’d definitely choose to work in this space!

BIO @jasonnurse

Dr Jason R.C. Nurse is a lecturer in cybersecurity at the University of Kent where his research interests focus on the interaction between users and aspects of cybersecurity, privacy and trust.

What’s Hot on Infosecurity Magazine?