My research investigates security convergence within organisations, and how different security resources collaborate to understand and mitigate threats. Convergence is advocated as a potential solution to the security challenges organisations face from the blurring boundary between the cyber and physical domains; yet there is no roadmap for organisations who want to adopt this approach.
My research explores how effective convergence can be facilitated, and I have identified a preliminary set of factors important to effective convergence through interviews with senior security staff and a rapid review of the literature. Factors include organisational structure, culture, communication, and engagement. These will be reviewed and rated on their importance by a panel of security professionals with the aim of providing organisations with a list of critical success factors to guide their convergence efforts.
Another strand of my research investigates the organisational decisions that underpin the adoption of convergence. Key questions here include: what instigates the decision to converge, and how do organisations decide what convergence will look like in their setting? This is being explored through a series of email interviews with staff who have been involved in those decisions.
Before my PhD I had a varied career in both public and private sectors, working across different industries. I have taken an opportunistic approach to my career, and so there is no traditionally clear path which led to my PhD research. My career is, however, underpinned by the knowledge I gained during my MSc in Human Centred Computer Systems. Here I learned that systems need to be designed to be both usable and useful; and that research can ensure that systems fit the needs of users.
I use the term ‘system’ in its broadest sense. When we think about the systems people engage with—from a website through to an organisational structure, design plays a critical role. This was illustrated to me when working at the National Patient Safety Agency and reviewing incidents involving medical devices. Here, I became aware of potential design issues with medical devices, as well as broader system factors such as context of use, availability, storage, and transportation in use. Such broader organisational system factors, and their role in the effective collaboration of security resources, are the focus of my current research.
During my career I have been involved in some amazing research. I feel the greatest sense of achievement from the large-scale projects I have been involved in, which comprised multiple stakeholders, and extensive, detailed preparation. Whilst at User Perspective I managed a large-scale field study in a busy public space to test a security function. This was novel research testing an operational security function in a live environment to help inform decision makers. At IBM I delivered the materials for a user test of a redesigned defence system involving approximately 100 MOD personnel. This was a complex user test to assess the usability of the system in context, with many simultaneous, diverse users.
These projects demonstrate the importance of being close to the field of application, and this is what excites me most about my research. Engaging with security practitioners is so insightful and I am heartened by their willingness to be actively involved in research. It motivates me to think that the outputs of my research will be used to guide organisations to make them more secure, and their potential application to areas such as healthcare. I hope my research will provide the foundation for further work in this area to understand why convergence breaks down, what impact this has on those involved, and staff opinion towards a reversion to a delineated approach.
Applications are open to individuals from academia and professional practice (non-academic) to attend an online sandpit on Digital Vulnerabilities in July 2021. Up to £160k of SPRITE+ funding will be made available to fund interdisciplinary projects.