In this week's episode of the Future of Cyber Risk podcast, David speaks to Dr. Eugene H. Spafford, Professor of Computer Sciences at Purdue University, Dr. Leigh Metcalf, Senior Network Security Research Analyst at CERT, and Dr. Josiah Dykstra, Technical Director, Critical Networks & Systems at NSA, authors of the book Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us. They discuss the various myths and misconceptions that can hamper security, how to mitigate bias during incident response, and how to use critical thinking to avoid assumptions around threat intelligence.

Topics discussed:

• The processes, approaches, or methodologies cybersecurity professionals can use to identify misconceptions or myths, including education and critical thinking.

• How myths perpetuate on cybersecurity, especially when there's no "precise definition of what cybersecurity is."

• How to mitigate bias through planning and practice, especially during incident response.

• How to avoid misconceptions about threat intelligence by not making assumptions about data and instead using critical thinking and context.

• Why academic programs for cybersecurity need a wider array of educational opportunities to train different roles.

• Advice for security practitioners that include to be an enabler of safety, to never stop learning, and to embrace differences and ambiguity.