3 Key challenges to smart city security

This week, we interviewed Betania Allo (Cyber Lawyer and Policy Expert) to find out what she learnt about smart city security through her former roles at NEOM and United Nations. 

With over a decade of experience in public policy and entrepreneurial ventures, Allo was recognised as one of the Top 25 Cybersecurity Stars of 2023. Now, she’s pursuing a Doctorate of Engineering in Cybersecurity Analytics at George Washington University, and supporting new generations of cybersecurity talent through mentoring, lecturing at universities, and sharing her wisdom at conferences like Black Hat MEA. 

Allo shared three key challenges that smart cities face as they work to develop robust security operations – and told us the one thing she wishes she’d known at the beginning of her career. 

Let's start with NEOM. It's an incredibly exciting project – what was the experience of working at NEOM like, after working with the UN as a cyber law and policy expert?

“NEOM is often described as a prime example of a greenfield smart city project. With technological innovation embedded in every single fibre of it, working in cybersecurity was a great opportunity for me to understand its unique complexities. 

“Like any giga-project within Saudi Arabia's Vision 2030 it requires a proactive, adaptable, and collaborative approach that integrates security into every aspect of the project's lifecycle. It involves embracing cutting-edge technologies while also prioritising security, and fostering collaboration across stakeholders to address evolving threats and challenges.

“The human factor and promoting a culture of security awareness remain a crucial aspect of cybersecurity across all industries. But in Smart Cities, the approach is more comprehensive: training residents, employees, and stakeholders on cybersecurity best practices and raising awareness about potential threats can help mitigate risks associated with social engineering attacks, insider threats, and human error. 

“In addition, I believe that continuous improvement and monitoring are aspects sometimes overlooked in cybersecurity in general. They are crucial to ensure that the cybersecurity measures put in place remain effective in mitigating evolving threats and addressing emerging vulnerabilities. I am a data-driven policymaker, so I truly believe that by continuously monitoring cybersecurity metrics organisations can detect anomalies and potential security breaches in real-time, allowing for prompt response and mitigation actions. 

“Periodic audits and assessments also provide a comprehensive evaluation of our cybersecurity posture, identifying areas of strength and weakness. This allows leaders to prioritise resources and efforts towards improving security where it is most needed. Also, establishing a process for lessons learned and knowledge sharing enables us to benefit from past experiences and industry insights, fostering a culture of continuous learning and improvement in cybersecurity practices.”

What are the key challenges in developing security for a smart city right now? 

“Smart cities face complex cybersecurity issues. I like to group these challenges in three:

1. Infrastructure, as starting from scratch means lacking existing security measures, but also in the integration of interconnected systems and technologies.
2. Operational, with lack of sufficient historical data to design effective strategies.
3. Evolution, as the evolving threat landscape and sophistication of cyberthreats require continuous updates, training, and capacity building. 

“These key challenges require a holistic approach, proactive planning, with a leadership well versed on the specific needs and open to multi-stakeholder collaboration to develop robust cybersecurity strategies.”

How did you get into cybersecurity – and can you share any pivotal moments that led you to where you are today? 

“This is an interesting story – I always say I had an unconventional path to cybersecurity. While law was my initial path, I first worked in public policy making in Buenos Aires. My interest in diplomacy led me to a Master's in International Relations at Harvard. The desire to combine my legal background with a hands-on tech approach steered me towards a Master of Laws (LLM) in Cybersecurity Law and Policy at Syracuse University, followed by a Postgraduate diploma in Compliance and Cyber in Spain. 

“Returning to the US, I rejoined the United Nations, where I had interned twice, landing a role at the Security Council Counter-Terrorism Committee Executive Directorate (CTED). Here, I witnessed the positive and negative sides of technology, particularly its vulnerability to terrorist misuse. 

“CTED's mission resonated deeply: collaborating with member states to tackle this issue while respecting human rights and international law. Witnessing the intricate connection between international security, technology, and law fueled my desire to delve deeper. I landed admission to a prestigious doctoral program in Cybersecurity Analytics at George Washington University while simultaneously receiving invitations to speak at international cybersecurity conferences, including Black Hat MEA 2022, which sparked my love for Saudi Arabia. 

“Transitioning from NYC to NEOM presented a challenge, but the opportunity to contribute to such a unique project with a specific focus on cybersecurity was highly motivating. I’m proud of the journey so far, driven by a passion for combining law, technology, and policy that I keep building – and I am excited to see where it takes me next!”

If you could go back to the beginning of your career and tell yourself one thing you wish you'd known then, what would it be? 

“Don't let gender hold you back in the world of technology. While I always gravitated towards tech, fear prevented me from truly pursuing it as a career path. It's ironic, in a way, how I ended up here anyway, but the journey itself has been a treasure trove of learning. Every challenge (navigating scholarships as a foreigner, juggling work and studies) sculpted me into who I am today.

“I would also whisper to my younger self, ‘Hang in there, things get better!’. 

“Now, I have the privilege of mentoring the next generation of cyber leaders. To them, I say this: don’t be scared of the unconventional. Cybersecurity thrives on diverse perspectives, so never hesitate to think outside the box. Women today are the voice that dares to break through the noise. Our unique experiences are invaluable, so let’s share them confidently. 

“While the path may not be smooth, especially for women in a historically male-dominated field, don't let that deter you. I've seen firsthand the dark realities of abuse, harassment, and discrimination, and these battles will likely continue. But I don't lose sight of this truth: we have the power to rise above: investing in education, nurturing confidence, and knowing one’s worth. 

“True leadership doesn't resort to intimidation or power plays; it empowers and uplifts others.”

Finally, why are events like Black Hat MEA valuable to you?

“Events like BHMEA are a party for me. It is such a wonderful opportunity to catch up with colleagues, to meet new ones, network, learn from thought-leaders from around the world in different areas related to cyber and tech, try new solutions and innovations, share best practices… 

“Black Hat is a forum for advancing knowledge, fostering collaboration, and strengthening defences against cyber threats in an increasingly interconnected and digital world.”

Thanks to Betania Allo. Want to learn more about smart city security and building your career? Join us at Black Hat MEA 2024. Pre-register now.