Input metrics are a piece of cake. It’s easy to measure how much effort we’ve put into something and claim a win because we worked hard. But we should really be looking at output metrics too – the numbers that tell us how close we’ve come to achieving a goal.
For CyberUK, I think we can be proud on both counts. The team – across public and private sector – worked incredibly hard to deliver a conference that was free for the public sector to attend yet cost the taxpayer not a penny. And the curated technical content at the show had a low enough snake oil quotient that it could actually help the attendees provide better security for their organisations.
Figures to marvel at
Using the #CYBERUK17 hashtag, we had over 700 tweets, from more than 400 users, reaching 1.3 million individuals. In total, this content was viewed 2.2 million times. The 80,000-plus unique visitors to our website over the 3 days were treated to 17 new CyberUK-related blog posts.
170 speakers helped us deliver 39 hours of high quality content over 4 streams to over 2000 delegates. 12 small companies competed in our Dragons’ Den, organised with DCMS, and 4 will be working with the NCSC going forward. And (pause for breath) surprisingly for a government security conference, there was even mainstream media coverage, including 8 broadcast pieces.
There’s a lot of numbers there, but they all work towards a single goal: making the UK the safest place to do stuff online. This is the headline ambition of our National Cyber Security Strategy (NCSS), a purposefully and unashamedly ambitious project.
The NCSC is a focal point for actions and ideas which feed into the high level goals of the NCSS, and we may even act as a forcing function occasionally. But, there’s no way we can deliver that strategy by ourselves. We need to build a community of professionals (of all flavours – not just traditional techies) to collectively deliver that strategy. Now is the time to do that.
People power
The theme of the conference was ‘People – our strongest link’.
In her opening keynote, Emma W talked about how listening to people and taking their needs into account can help organisations do better security. I think we can apply that concept at a national scale. The deciding factor in whether we actually manage to make the UK the safest place to do stuff online, isn’t a piece of technology. It’s not a new standard or magic pixie box either. It’s whether we, as a community, can come together behind a common cause and work together.
I don’t mind if our adversaries win because they’re better than us [OK, I do mind]. But I really mind if they win because we’re collectively too daft to pull together.
Happily, for me, CyberUK17 saw the start of that community-building effort.
Code of conduct
That’s not to say there weren’t things to improve on from the conference. There were times when some of our delegates felt excluded or uncomfortable because of the actions of others.
In my closing session, I threw out a call to arms. Let’s make the cyber security industry an exemplar for diversity and inclusion – because, let’s be honest, it sucks at the moment.
The start of that journey is a community code of conduct. We need to come together and describe what this community is going to be like – what’s acceptable and what isn’t, what sorts of sanctions apply to various unacceptable behaviours. And we need to start discouraging behaviours and attitudes we won’t accept.
I’d like to quickly get to a standard we can all get behind and then have us publicly sign up to it, on the road to making it mandatory for working with the NCSC (and, I hope, other organisations in the sector). If you’re interested in helping out, please email CyberInclusion@ncsc.gov.uk and let us know. We’ll try to do everything virtually, so it shouldn’t be a huge burden. You can also use that address to let us know when our staff perhaps haven’t maintained the standards we aspire to.
We’ve spent years talking about how to improve diversity (race, gender, neurodiversity etc) in the sector. Now’s the time to actually *do* something about it. All the pipelines of new talent we’re building will be for nought if we don’t have a welcoming and inclusive community for this new talent to explore.
To one and all
Finally, I’d like to thank everyone who helped make CyberUK17 a success. The events team and venue staff, the NCSC Technical Directors who curated the content, the industry sponsors, DCMS for making the Dragons’ Den real, all the exhibitors who came with the right attitude. The Spotlight Stage speakers (that’s a hard gig – respect to you all!). But most of all the delegates. Thanks for your effort, sharing your expertise and your engagement. It’s ironic that they’re all input metrics. Let’s open CyberUK18 with some outcomes that we can achieve together!
Ian Levy
Technical Director, NCSC
Source: National Cyber Security Centre