Accessible, authoritative and reliable: How CyBOK offers industry practitioners a fundamental route through the changing world of AI

Published: 19 Sep 2024, 8:30 p.m.

The breadth of knowledge captured and offered by CyBOK has been pivotal to Matilda Rhode’s professional trajectory – first when working on her PhD, then for understanding the specialisms of the industry cyber innovation team she went on to manage, and now as part of the project’s Executive Board. Alongside her role as the AI and Cyber Security sector lead at the British Standards Institution (BSI), Matilda is passionate about encouraging people to take an interest in both areas by giving them tools that meet their practical needs. At a time when conversations and applications focused on AI are becoming increasingly prominent, her work and that of CyBOK could not be timelier in helping to dispel misunderstanding by presenting authoritative insights.

You’ve used CyBOK in several ways – what do you think makes it such an invaluable tool?

There’s a perception that cyber security is a very technical field, even though there are lots of non-technical skills that are essential across the board. People can get put off if they aren’t comfortable with technology or if they’ve only been able to find content aimed at experts. The fact that CyBOK is so accessible – in terms of being open source and the way the information is presented in plain English – makes a huge difference. CyBOK is like a gateway that opens up new areas of understanding for people who might not otherwise find the subjects approachable.

You worked on CyBOK’s AI for Security Topic Guide. How would you describe your experience and did you come up against any particular challenges?

Covering the wide range of AI applications in cyber security was a challenge, as well as how to structure the guide and write it in an accessible way. ChatGPT had just gone live at the time, which presented an added challenge; I was very conscious of the need to keep on top of the trends so that what I produced wouldn’t go out of date. As it turned out, I don’t think ChatGPT has had quite the earth-shattering impact on cyber security that many thought it would in terms of outdating existing cyber security products and practices. The Knowledge Guide for cyber security and privacy of AI was also being written at the same time, so there was useful liaison between the editorial teams to ensure the two would work alongside each other.

Your role on the CyBOK Executive Board is focused on encouraging industry to adopt the principles and tenets of the project. What particular industry challenges do you think CyBOK is well-placed to help resolve?

One of the biggest challenges industry faces relates to recruiting for cyber security roles. For instance, we know that with the first pass of the recruitment process, we often need some kind of criteria in order to filter out candidates and identify a shortlist of people who can be interviewed. Sometimes professional certifications are used for that filtering process, to make yes/no decisions. But the problem with that is that having a professional certification isn’t necessarily a good indicator of someone’s experience. We’ve been talking to industry colleagues about how CyBOK could help to inform specific first-pass tests, which would be especially useful for recruitment teams who might not have deep knowledge of a particular area.

CyBOK could also be a resource for anonymous interview processes to help address unconscious biases in recruitment.

When it comes to making cyber security more diverse as a sector, CyBOK has a huge role to play. There can be an element of gatekeeping and seemingly high barriers-to-entry around particular topics in certain specialisms, which can discourage or inhibit a wider group of people entering the sector. By giving people the ability to understand different specialisms, which could be linked to Continuous Professional Development (CPD) or other initiatives, CyBOK could help to diversify and inform the workforce by upskilling more people.

Given the pace at which conversations and applications around AI are accelerating, what role do you think CyBOK has to play in terms of disseminating accurate, accessible and helpful information?

CyBOK offers a thoughtful and long-term view that can counter the sense of panic which seems to come with talk of AI (or cyber security!). Generative AI tools may be liable to producing inaccurate content, so it’s valuable to have information written by a traceable source of authority.

It takes a while for new technology to become embedded in society, so we can afford to take a more thoughtful approach. People often say that because the technology is moving so fast, it’s difficult to offer standards and practices that will help people to keep up. But as authors and experts, both from my perspective working with the British Standards Institute and with CyBOK, authors are conscious of the cadence with which written advice is created and updated.

It’s also worth noting that in cyber security we see a lot of patterns re-emerging over time; while there’s a lot of emphasis on new technology and the future, part of which is driven by the marketing side of products, things aren’t always moving as fast as they might seem or we might be led to believe.