Nov. 7, 2018 —
Is cybersecurity still giving you butterflies in the stomach? This award-winning cybersecurity research scientist works on technologies to distract attackers and improve cyber defense. This In the Spotlight series continues with Kimberly Ferguson-Walter from our Research Directorate.
Q: What do you do at the NSA?
A: I’m a research scientist focused on cybersecurity. My research interests focus on the intersection of computer science and human behavior. I have taken this in several directions including focusing on education and artificial intelligence in order to augment cyber defenders and users, as well as defensive deception and oppositional human factors in order to degrade the effectiveness of cyber attackers trying to breach or harm our systems.
Q: Why did you choose a career in cyber?
A: I was not focused on cyber before my employment at the NSA. I was excited to be given the opportunity to work with the best and brightest here and did not shy away from the challenge of learning about cyber on the job. I was impressed that the NSA valued outside perspectives and different backgrounds and was confident that I could put my background in artificial intelligence to good use in the cyber domain. The recent explosion of interest in both machine learning and cybersecurity has made this career even more exciting.
Q: How have you seen the cybersecurity mission evolve since you joined the NSA workforce?
A: I have seen much more emphasis on artificial intelligence (AI) and human behavior. The tone had shifted such that there are now few concerns that AI will take over operator’s jobs (even if there is doubt about how well the algorithms perform). People now realize that we simply don’t have enough operators to perform the job, and we need AI in order to scale up in number and in speed to defend our systems better. Operators are looking for all the help they can get, and that is understood up and down the management chain. From a behavioral science and human factors perspective, there is still so much more that can been done to help operators, if only we had more of those experts involved.
Q: What is your most notable success within the cyber field?
A: We’ve recently won the Best Paper Award at the top Human Factors conference by introducing the concept of Oppositional Human Factors (OHF) in our 2018 technical publication titled, “Oh, look a butterfly! A framework for distracting attackers to improve cyber defense.” OHF is the use of human factors theory, technique and practice to disrupt usability, understanding, and effectiveness of systems for cyber attackers. This is a notable achievement because it provided a new perspective for how the Human Factors research community can help cybersecurity. We hope that this will help influence future research results from the community that can be fed back in to the government and industry to help cyber defenders.
Q: What are your thoughts on the future of cyber?
A: While some people may view these ideas as contradictory, I believe we will not only see an increase in artificial intelligence (AI) in cyber security, but also a need to increase behavioral science and understanding the human component. Based on current research and advancements it looks like we will see self-driving cars before we see self-driving systems. But there are similarities in these problem sets. You have multiple sensors bringing in lots of disparate raw data that needs to be aggregated and analyzed in order for the system to make a decision about what action to take next and then perform that action. Then there is a feedback loop that provides information about whether that action was a good or bad decision and the AI learns accordingly. In my view, there are simply more people working on self-driving cars than self-securing systems. Additionally, understanding the human component is increasingly important as technology become more and more pervasive in our lives. The human is almost always the weakest link in the cyber security chain and we need to spend considerably more effort understanding how to educate and protect users in order to improve cyber defense.
Q: What’s your happy place?
A: My happy place is near the ocean, where I can close my eyes and listen to the waves… and forget about computers for a while.
Looking for more information on cybersecurity? Check out NSA's cybersecurity page, or StopThinkConnect.org.