
In this series, we speak with our partner institutions about the collaborations shaping research and policy. For this blog, we spoke with Simon Shiu, Lead for Cyber Security, about the collaboration between CSEP and the University of Bristol and its impact on cyber security research.
Could you tell us a bit about your background in cyber security?
I recently joined the University of Bristol as a Professor of Practice in Cyber Security. Prior to that, I spent over 28 years in industrial research. Starting as a research engineer, I held a number of leadership positions and learnt about the advantages and challenges of bringing cyber innovation to market within a large multi-national.
I am an advocate of multi-disciplinary research, and I sit on the advisory board for the Research Institute of Sociotechnical Cyber Security (RISCS). I strongly support the way this group promotes integrated research from a broad set of disciplines including human factors, economics, legal and other social sciences.
Tell us about the CSEP work you did on the Cyber Sector
This was a huge opportunity to learn about the UK cyber innovation community and culture. Thanks to CSEP we worked closely with DSIT and other government stakeholders. This meant that we were well placed to influence the refresh of the national cyber strategy, now named the cyber action plan, although it did mean we had to complete the work much more quickly, i.e. within 3 months.
As well as the government links, the team had a mix of academic and industrial backgrounds, and diverse disciplines and expertise. This all helped as we interviewed nearly 100 stakeholders and organised several roundtables with experts across the cyber ecosystem, from technologists, founders, and investors to CISOs, researchers, and policy experts.
We were able to reflect the deep capability within the UK cyber community and that the UK cyber sector is growing healthily. However, the threats and demand for cyber resilience continues to grow even faster, so to support growth across all the sectors in the industrial strategy, we need to do more.
More detailed findings and recommendations are in the cyber growth action plan, and published as command paper.
So, what are your interests now?
Right now, we are focused on phase 2 of the CSEP project on cyber. This means leaning into some of the recommendations around how to stimulate UK demand led cyber innovation, and to do it in some of the places of strengths in the UK.
I remain interested in all aspects of cyber innovation, especially the aspects that differentiate it from other types of technology innovation. From securing aging environments and anticipating the cyber risks of new technologies to figuring out market incentives and regulations whilst competing with highly capable active adversaries; cyber researchers have many challenges.