At this year’s VirusBulletin conference, VB2023, SentinelOne’s Juan Andrés Guerrero Saade, a.k.a. JAGS, Associate Vice President of SentinelLabs delivered a keynote speech calling for a reevaluation of the conventional understanding of the cybersecurity sector. His talk, “The Physics of Information Asymmetry” challenged us to reconsider and reinterpret the fundamental concepts and language of our discipline.
Redefining the Language of Cybersecurity | A Critical Analysis
Juan Andrés opened the talk by critiquing the reliance on military and intelligence metaphors in cybersecurity. This borrowed lexicon, while providing a foundational language in the discipline’s infancy, has, over time, led to a narrowed perspective.
JAGS argued that terms like ‘cyber attack’ and ‘cyber domain,’ are rooted in a militaristic worldview and limit our strategic approach to digital defense. Are we, as cybersecurity professionals, constrained by the language we use? How would our strategies change if we broke free from these traditional paradigms?
Decoding Information Asymmetry
A central theme of the keynote was the concept of information asymmetry between attackers and defenders. This imbalance is not merely a tactical disadvantage but a core characteristic that shapes the landscape of cyber conflict.
Juan Andrés elaborated on how this asymmetry transcends mere knowledge gaps and engenders differing perceptions, capabilities, and intents. He challenged the audience to think beyond the conventional ‘cat and mouse’ game and consider the broader implications of this asymmetry. How does it influence our approach to defense? What new strategies could emerge if we fully understood and redefined cybersecurity in terms of information asymmetry?
Rewriting Cybersecurity Metaphors | A Call for Conceptual Revolution
There are no simple solutions when addressing such foundational issues, but the industry can only move forward by rising to the challenge. Juan Andrés advocates for a complete overhaul of the metaphors underpinning cybersecurity. Drawing from diverse fields like physics and information theory, he suggested that adopting new metaphors could lead to more effective and nuanced cybersecurity strategies.
This metaphorical shift isn’t merely semantics but a fundamental rethink of how we conceptualize cyber threats and defenses. What new models and frameworks could we develop if we freed ourselves from the current paradigms?
Leveraging External Expertise | Broadening Our Cybersecurity Horizon
Central to this new approach was the need to untap the potential of integrating insights from adjacent fields into cybersecurity. The industry as it now stands is unique in being insulated from valuable contributions from related disciplines such as information theory, control theory, complex adaptive systems, and statistics. This is a situation that must change if we are to evolve our practice and knowledge, and ultimately defend organizations more successfully.
An interdisciplinary approach, JAGS suggested, could unlock new perspectives and solutions, propelling our understanding of cybersecurity challenges to new heights. What innovative approaches might emerge from such collaborations? How can insights from these fields enrich our strategies and tools?
Conclusion | Charting a New Course in Cybersecurity
Juan Andrés Guerrero Saade’s keynote at VB2023 offered a compelling perspective on the future of cybersecurity. A thoughtful critique of current practices, it suggested a need for a shift in how we understand and tackle digital threats. The call to integrate ideas from various fields challenges us to think differently about how we conceptualize our discipline and what that means for its accessibility to others.