WEIS 2017: An Experience

By Sanchari Das, Ph.D. Student

I arrived in the land of beaches, San Diego. The serene Pacific welcomed me with open arms on a bleary day. As I rested on the beach, my very first interaction with the Pacific, I watched water rolling against the rough shoreline and noticed the sign stating "No Lifeguards." The warning was there to help us protect ourselves. We needed to know not to dive too deep in the ocean, regardless of the pleasures and possibilities inherent in swimming. It seemed an apt metaphor. We humans are similarly vulnerable to the vast ocean of internet. What we call security is not confined to physical security, but means security in the age of cyberspace. I came to this beautiful land to attend “The Workshop on the Economics of Information Security” (WEIS, 2017) hosted by the Rady School of Management, UC San Diego.

WEIS is a forum where scholars from universities all around the world come to discuss their research. It was intriguing to watch how entwined the connections are amongst protection and security investigations; especially considering the distinctive classifications of different genres within the larger field. This year marks the 16th consecutive year of the conference, which addresses issues and vulnerabilities in Security, handling them through technical solutions. Roughly one hundred to one hundred fifty scholars attended. The distinguished names of the members of the organizing committee are a strong indication of how significant the conference is (https://weis2017.econinfosec.org/organization/).

I was fortunate to be awarded a NSF travel grant to assist the conference in the inaugural year of my PhD studies. Eminent professors whose papers I have read and cited were there. I had multiple, captivating encounters with scholars, such as when I met Dr. Alessandro Acquisti, Dr. Serge Egelman, and others. I probably squeaked in excitement when Dr. Acquisti talked to me regarding his research, and was interested to learn that I am doing my research on socio-technical security, design and analysis of security and privacy regarding user experience, and human-computer-interaction. Dr. Egelman also discussed a few subtleties in his security expertise paper which addressed concerns we have in our own research and experiment on phishing. As a result, we will be using some of his questions in our work as referenced materials.

I was awed by the prominent analysts around me. I am so fortunate to develop beneath the direction of Dr. L. Jean Camp, who is co-advising me at Indiana University, Bloomington. She was happy to introduce me to everyone and encouraged me to enter my name for the RUMP session after the group discussion. Dr. Tyler Moore organized the RUMP session (these are lightning talks regarding anyone’s research, any announcements, and so on.) Giving my first academic talk in front of all the scholars in my field made me both very anxious and excited. With everyone’s encouragement, my first talk, which regarded the Yubico experiment, went quite well. Representatives from Google valued our research with my co-researchers: Gianpaolo Russo and Andrew C. Dingman, under the guidance of Dr. L. Jean Camp.

The two-day workshop was efficiently separated into topics, including papers representing those subjects. Some of the themes included: Security Investment and Performance, Privacy, and Vulnerabilities. My preferred theme was Privacy, since it was directly related to my research interest. However, I am grateful to have discovered the opportunity to take in this advancing knowledge and to know so many individuals are doing great work in my area. The keynote speaker Mr. Andrew Serwin gave magnificent insight on the legitimate subtleties between the security and camouflage concerning an organization.

We were taken to the Birch Aquarium for the reception dinner where the excellent sunset gave me a chance to think that there are a cluster of escape clauses in the circle of security which flourish upon human vulnerabilities. It is research like these which give definite knowledge on what is occurring and we should urge scholars to develop more in their particular research.