Position: TREsPASS project technical leader
Company: University of Twente / TU Delft
Why did you choose for the programme at the University of Twente?
I started studying computer science, and after the first year I was looking for an additional challenge. At first I wasn’t sure whether PSTS was the right option, as I didn’t particularly like the technology assessment course in the computer science program. PSTS did seem convenient in terms of study load though (in the parallel program that was possible before the bachelor-master system), and I was attracted to the idea of doing something really different. I had also been interested in philosophical questions for a while. After visiting some information events, I became convinced that this would be way more in depth than what I’d seen before, and I also liked the broad interests of my fellow students. After I started the program, I found myself engaged in discussions that continued long after the lectures had ended, and this was a very valuable experience.
What are your daily activities within the organization?
I am the technical leader of TREsPASS, a large European research project on cyber security risk management. The 13.5 million euro project aims at helping organizations think more effectively about the threats they face and possible countermeasures, including not only technical issues but also human factors. We do so by developing thinking tools as well as analysis methods based on maps and navigation systems, from the perspective of a potential cyber attacker: attack navigators. This ranges from social science experiments on stealing keys and laptops, via constructing physical models with Lego, to calculating risk from probability distributions. Apart from the scientific coordination, I also contribute to the daily management of the project, ensuring smooth operation of the 9 work packages. I also do a lot of dissemination activities for the project.
What knowledge of your programme do you use in your work?
Risk is a very tricky concept, as are the related concepts of threat, vulnerability, trust, likelihood, to mention just a few. Risk, for example, can refer to an unwanted incident, the likelihood of an unwanted incident, or a combination of the likelihood and impact of an unwanted incident. Likelihood, in turn, can be expressed as a probability or a frequency, and in security we have to deal with both the likelihood of occurrence of cyber attacks as well as their likelihood of success. In this conceptual space, many things can go wrong because people use terms differently. Aligning efforts within the project is therefore a major challenge, also because we have technical sciences as well as social sciences on board. Setting up and managing such a project requires skills in terms of conceptual analysis, as well as the ability to work across disciplines, understanding how different fields of science look at the same (technical) problem. These are definitely skills that PSTS provides.
What are your ambitions for the future?
I hope the results achieved so far make it possible to pursue a further career in the academic world, with follow-up projects to deepen our understanding of risk assessment, in particular in contexts where one has to deal with strategic adversaries (attackers).
What is the best tip for prospective students?
Make sure you reserve plenty of time for discussing all kinds of topics with your fellow students.