Why cybersecurity professionals should study psychology

by Black Hat Middle East and Africa

Jason Lau (CISO at Crypto.com) is a member of the Black Hat MEA Advisory Board, contributing his expertise to continue making the event a more impactful and truly valuable experience for everyone who attends.

From ethical hacker to CISO, he has been a driving force behind the discovery of critical zero-day vulnerabilities and the development of security resilience for a complex cryptocurrency exchange; and he’s committed to building and facilitating community and collaboration in the field of cybersecurity. 

We caught up with him ahead of BHMEA 2024 – here’s what he told us. 

“Thank you. I’m thrilled about the upcoming Black Hat MEA conference – and I’m honoured to be on the Advisory Board and working closely with the organisers to put on an even bigger show than last year. We have a new venue to cater for the growing number of global attendees, and look forward to putting on some cutting-edge discussions and technical sharing sessions, including:

  • Zero Days and Attack Profiling: These are always hot topics, and lessons learned from very large and public incidents can help the audience better understand the situation and attack methods and remediations. However, what is great about Black Hat is that we also get a taste from security researchers who may have found critical issues which may not have reached mainstream, but deserve an audience. Sometimes, these new attack methods may not yet be exploited, but they help to raise awareness of up-coming potential threats so we can better prepare.
  • Critical Infrastructure: Securing critical infrastructure is crucial due to the severe impact of potential attacks. The 2021 Colonial Pipeline ransomware incident highlighted the vulnerabilities in energy and water supply systems, making robust defence mechanisms more important than ever; and different countries have stepped up their regulations and guidance on critical infrastructure. This is definitely an area of extreme importance given the geopolitical challenges being faced globally. 
  • Emerging Technology: Quantum computing, blockchain, and IoT are reshaping cybersecurity. Quantum computing threatens current encryption methods, requiring the development of quantum-resistant algorithms. It’s important to continue to have great speakers from around the world to share the developments in this space. 
  • Artificial Intelligence (AI): Last but not least, AI is transforming cybersecurity with advanced threat detection and response capabilities. However, AI also introduces risks, like adversarial attacks designed to deceive AI systems. This makes research into AI robustness vital, and deeper discussions are needed to explore the best ways to guard-rail AI for ethical use, and the clear and present risks of adversaries using AI for new-age attack methods.”

Why did you decide to join the ISACA Board of Directors – and what has that experience been like to date? 

“Joining the ISACA Board of Directors was driven by a deep commitment to the information security community and a desire to contribute in meaningful ways. 

“One of the main reasons I joined the ISACA Board was to give back to the community that has supported me throughout my career. Serving on the board allows me to help shape the future of information security practices and support initiatives that enhance professional standards and education. It’s incredibly rewarding to contribute to the growth and development of the field. 

“With my background in cybersecurity operations, I bring practical insights to strategic discussions on the board. This role allows me to influence decisions that impact the broader cybersecurity landscape – ensuring policies and frameworks are not just theoretically sound but also practically implementable. 

“Being on the Innovation and Technology Committee has also been a great way to engage with other committee members to debate and discuss emerging technology issues for both ISACA and to share operational insights from the outside world; so we can continue to innovate to empower our global membership to be able to learn and achieve more in their careers.  

“I believe in continuous learning, and being part of the ISACA Board has been enriching in this regard. Interacting with seasoned peers provides invaluable learning opportunities, fostering a culture of continuous improvement and innovation. This collaborative environment enhances my knowledge and inspires me to bring new perspectives to my work. 

“With all this in mind, my experience on the ISACA Board has been immensely fulfilling so far – allowing me to contribute to critical initiatives and advocate for best practices in cybersecurity.” 

We saw that Crypto.com recently reached over 100 million users. How has security played a part in achieving this goal? 

“It was a milestone largely driven by our focus on security, regulatory compliance, and data privacy, helping us to obtain more certifications and licences. From the beginning, Crypto.com has prioritised creating a secure and compliant platform, which has been crucial in building user trust and expanding its user base. 

“I am fortunate to work with a passionate and dedicated global team, and work closely with external partners and extended relations with the ethical hacker community. It’s a tough industry due to the nature of the industry – and while the benefit of cryptocurrency is that it is 24/7/365, our teams have to be able to scale and support this to safeguard our users. 

“We also have one of the highest rated bug bounty programs worldwide, showing our full appreciation for the time and effort security researchers put into discovering bugs so that we can continue our commitment to consumer protection.”

Finally, if you could go back to the beginning of your career and tell yourself one thing you wish you'd known then, what would it be? 

“I'd tell myself to embrace challenges and uncertainties as opportunities for growth and learning. 

“Early on, I felt pressured to have all the answers and avoid mistakes. However, I’ve learned that overcoming difficulties provides invaluable lessons. The cybersecurity field shares many parallels to the game of chess, and even the best grandmasters are not unbeatable. Each day is a new challenge and it’s important to learn and evolve regardless of the outcome.  

“Additionally, I would advise my younger self to take more courses on psychology. Many may find this interesting and unusual, but actually, when you think about it, understanding human behaviour is crucial for anticipating and mitigating cybersecurity threats. 

“Knowing what motivates threat actors and how they think can enhance strategies and responses to attacks – both insider threats and external threats to the business. This insight is invaluable for a CISO, as it helps in developing more effective defence mechanisms and fostering a proactive rather than reactive security posture.” 

Thanks to Jason Lau at Crypto.com. Register now to attend Black Hat MEA 2024, and gain inside insights from the leading minds in cybersecurity.

Register now to attend Black Hat MEA 2024 and immerse yourself in learning directly from the leading experts in cybersecurity.
