International collaboration for security, with Kenneth Geers

Dr. Kenneth Geers (External Communications Analyst at Very Good Security) is an active player across numerous cybersecurity think tanks and development initiatives.

He’s a Senior Fellow at the Atlantic Council Cyber Statecraft Initiatives; an Excellence Ambassador at the NATO Cooperative Cyber Defence Centre; and an Affiliate at the Digital Society Institute, Berlin.

With extensive experience in cybersecurity and government intelligence, he promotes collaboration across borders and between disciplines. He’s coming to Riyadh to speak at Black Hat MEA 2023 – so we caught up with him for a glimpse into his world.

How did you get into cybersecurity?

“I was a US government intelligence analyst for 20 years. When I started in 1993, I had never owned a computer. But during the 1990s, ‘cybersecurity’ became the newest and hottest discipline at the Pentagon. I took basic courses in coding and hacking, and then combined that with my true loves: international relations and foreign languages.

“I discovered that computer network attacks, from adversary reconnaissance, to denial-of-service, data exfiltration, and data destruction, could often be traced to criminal organisations, intelligence agencies, or the militaries of foreign nations. Today, everything of geopolitical import is a magnet for malware.

“My first Black Hat presentation, in 2004, focused on cyber conflict in the Middle East. Since that time, I have published articles and books on numerous strategic cybersecurity challenges around the world.”

What are your thoughts on international collaboration?

“Cyber(in)security is an international problem that requires an international solution. Much of my career has been focused on international collaboration on cybersecurity.

“I have contributed to many NATO, EU, OSCE, and academic initiatives. In 2007, I moved to Estonia to help build the NATO Cooperative Cyber Defence Centre of Excellence. I was honoured to be the first non-Estonian researcher posted to the Centre, where there are today nearly 40 nations on staff.

“We manage Locked Shields, the world’s largest cyber defence exercise, and we have published hundreds of academic papers from scholars in dozens of countries.”

Can you describe a particular challenge in cybersecurity?

“Cybersecurity is hard to quantify – and therefore to justify. Some lucky organisations may never experience a targeted attack, and as a result, they may wrongly conclude that cybersecurity is not worth the investment. However, as soon as that same organisation grows big, rich, or important enough to land in the crosshairs of an advanced attacker, it may be too late.

“Random malware and opportunistic hackers are always a problem, but targeted attacks against individuals, companies, verticals, and even nations, can be extremely effective.”

What do you like about your job?

“The most important part of cybersecurity is people. Everything begins and ends with humans. Cybersecurity research has taken me all over the world. Today, I am friends with analysts and scholars in many countries, but we always share at least one common language: TCP/IP.”

What’s one thing you wish everyone knew about cybersecurity?

“Everyone can – and should – make a contribution. Cybersecurity is inherently multidisciplinary, and each of us has a role to play. Our children already participate in many Internet-based activities that we do not experience or understand. Therefore, we should focus on values and strategy, because to some degree, we must trust that, in the future, our children will advance cybersecurity in creative ways that we will never see.”

What does Black Hat mean to you?

“We must all be life-long learners. Every Black Hat event offers researchers a mountain of valuable new information. In particular, we come to Black Hat to learn about future attacks, and to think about how we might defend against them. Finally, we come to see old friends – and to make new ones.”

Thanks to Kenneth Geers at Very Good Security. Want to learn more? Register now for Black Hat MEA 2023.