A Call for Public Policy and Technology Heroes


Posted on by Kacy Zurkus

It’s been such a joy to share the stories of so many security professionals who are doing incredible work to defend against cyberthreats. But winning the battle between good and evil is not the only way to be a hero in the cybersecurity industry.

At last year’s RSA Conference, we were excited to host an inspiring Public-Interest Technology track represented by over a dozen leading security, civic and social sector leaders, including ACLU’s Ben Wizner and Harvard professor Latanya Sweeney. Focusing on the ways in which security professionals can both find and create opportunities to serve the public good as cybersecurity professionals, Bruce Schneier and the Ford Foundation brought together a community of people who are using their skills in technology to change the world for the better.

“It was a phenomenal event at RSA Conference. We brought together all of these people working in public-interest technology in its various guises, and demonstrated to the audience that there are many different opportunities to serve the public good as part of a cybersecurity career, whether it’s by working for the government or an NGO, taking the role of an advisor or being a voice for the public good within a traditional technology company,” Schneier said.

Both RSAC and Schneier received a lot of positive feedback from the event, and we want to keep the momentum going. Why? Because as an industry, we have the expertise policymakers need to solve some of today’s hardest tech policy problems. “There’s expertise that we have at RSA Conference that policymakers need. Computer security has always been embedded in politics. Encryption is political. Vulnerability finding is political. Privacy and anonymity are political,” Schneier said.

The Ford Foundation writes about a supply problem and a demand problem. We need technologists who want to do public-interest work, and we need jobs for them to do it in.

Last year’s track offering attempted to address the supply problem: convincing more cybersecurity professionals that public-interest technology is for them. Schneier believes this is the biggest problem long-term. “We have a cybersecurity skills gap in all areas of our field. Public-interest technology will be hit even harder, because it generally doesn’t offer the salary opportunities as private industry.

Even so, Schneier says that the demand problem is more immediate. “I have more people calling me saying I want to do this than I have places for them to go, which indicates that there is a more immediate demand problem.” There is not a broad understanding that this service is needed inside government, federal agencies, the press or NGOs.

Yet the major policy problems of our society are deeply technological.

“Think of AI and ethics, the future of work, bioengineering, climate change, even food security. These are problems that have core technology components to them, but we will never get the policy right if we get the technology wrong,” Schneier said.

“Still, in 2018, Sen. Orrin Hatch evidenced that he does not know how the Internet works when he asked Mark Zuckerberg how Facebook makes money,” said Schneier. “How do we expect government to effectively create policies and regulate social media platforms if they don’t understand surveillance technology? We at RSA Conference understand the technology, and we need to start advising policymakers.”

There are many paths, some of which have been paved and others are in the nascent stages of being cleared. Now, we need the cybersecurity heroes to courageously move forward to serve the public good. Learn more about public-interest technology by visiting the resources page. Also, check out this short video on the field by Bruce Schneier.


Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference

RSAC Insights

exploit of vulnerability encryption strategy & trends artificial intelligence & machine learning policy management

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs