In August 2020 I took up my first lecturing position in the Institute of Criminal Justice Studies. It comes after several years of post-doc positions with different research teams and in different institutions. What connects them all is their focus on security and the use of technology.
In my PhD, I worked with Dr Lynsey Gozna and Dr Julian Boon to develop a holistic model of deception that could be used in offline and online contexts. Rather than focus on detection, I took a practitioner’s approach of how they conduct and detect deception, which allowed me to consider physical deception and deception in cyberspace. Having the practitioner perspective was fascinating and afforded a broader perspective on how deception is conducted in the real world, and how strategies may be developed to counter it. Indeed, this early work forms the basis of my current interest on how deception manifests in cyberspace. Working with the National Cyber Deception Laboratory we are examining the application of deceptive tactics that are used in the military and in warfare to defending our computer networks against network intruders.
I worked on a HORIZON 2020 project called Citizen Interaction Technologies Yield Community Policing (CITYCoP) at the University of Malta. We explored citizen’s fear of crime and insecurity across several European countries, using several methodological perspectives including a survey, and a smartphone app that we developed called ‘I Am Afraid’, where citizens used the app to log when they felt afraid (when they were in a safe place of course!). We worked on qualitative research examining user experiences of using the ‘I Am Afraid’ app and explored how citizens report fear of crime on social media with colleagues from the Fraunhofer Institute. This work informed the development of a new app that citizens use to report crimes to the police.
I also worked on a project called Cybersecurity Across the Lifespan (cSALSA) with Professor Debi Ashenden and Dr Gail Ollis, which examined environmental and physiological factors that impact cybersecurity. My focus here was on the effects of time pressure on susceptibility to phishing emails. Part of this work also examined how developers perceived security and risk in their work, which I continue to examine as part of a CREST-funded project into software developer culture, which draws upon Social Practice Theory.
Thinking ahead, I feel we need more joined-up thinking – across disciplines and professional bodies – in conducting and detecting cyber deception, with robust testing for emerging models. Much of the work in this area appears to be dominated by a computer science perspective and while this has much to offer, it overlooks some important human behaviours. As a result, we do not know how effective these deception tools are.
Cyber deception is an exciting area. It allows us to explore new environments and new ideas to see how we can help solve real-world problems and move beyond experimental research to provide solutions to be used in the real world. I look forward to working on some of these solutions as I move forward in my career!
Applications are open to individuals from academia and professional practice (non-academic) to attend an online sandpit on Digital Vulnerabilities in July 2021. Up to £160k of SPRITE+ funding will be made available to fund interdisciplinary projects.