How this researcher’s pursuit of ‘what if?’ led to a career in cybersecurity


2 Sep 2020

Elizabeth O’Sullivan leads Allstate’s cybersecurity innovation and analytics work. Image: Fulbright

Dr Elizabeth O’Sullivan of Allstate Northern Ireland is using the latest knowledge in cryptography and AI to develop ‘data protection as a service’.

Elizabeth O’Sullivan studied computational mathematics at undergraduate level, before embarking on a PhD in theoretical and computational physics at Queen’s University Belfast (QUB). Since 2007, she has specialised in the area of cybersecurity and led research and development in software security at QUB and was co-investigator on the EU-funded Horizon 2020 SAFEcrypto project.

She now leads Allstate’s cybersecurity innovation and analytics work in Northern Ireland to develop new capabilities and services in advanced cryptography and cybersecurity analytics. As a Fulbright TechImpact Scholar, O’Sullivan will conduct research on cybersecurity policy and governance in financial services at Boston College. The application period for 2021-2022 Fulbright Irish Awards opened on 31 August 2020.

‘We must get better at bridging the gap between academia and industry’
– ELIZABETH O’SULLIVAN

What inspired you to become a researcher?

It certainly wasn’t the plan. As I progressed through my undergraduate studies, I was constantly facing gaps in my knowledge and problems that I initially couldn’t solve. I often had to spend long hours working with and thinking through complex problems in mathematics or coding.

The feeling of being able to overcome my own limitations gave me a tremendous sense of personal achievement; a mental high. I remember specifically working on a final-year project in numerical analysis that combined my evolving subject matter expertise in both coding and mathematics.

I had understood the theory of the problem quite well at the start, or so I thought. Having to translate the theory into working computer code, examine known test cases, think about edge cases and following the path of pure ‘what if?’ opened up a whole new level of understanding, excitement and a sense of exploration.

From that moment onwards, I just haven’t stopped asking myself ‘what if?’

Can you tell us about the research you’re currently working on?

My research focuses on security and privacy mechanisms to support scalable, real-time, high-assurance analytics. It is a fusion of cryptographic protection technologies and detection techniques using machine learning.

I joined Allstate, a financial services institution, in 2017. My team has taken a platform-based approach to provide data protection as a service for enterprise to abstract the complexities of cryptographic technologies and anomaly detection.

This platform-based approach allows us to easily investigate emerging techniques from advanced research on real-world settings in addition to developing our own methods.

In your opinion, why is your research important?

Cybersecurity is a global challenge. Technology is radically transforming society, however the rapid pace of digitisation has created fundamental challenges in core issues such as trust, identity, security and privacy.

The failure to address these issues will have a profound impact on business growth and society as a whole. We are already seeing disturbing effects at all levels and cyberspace is becoming increasingly adversarial.

As a result, we are seeing an increase in security and privacy regulations. However, we must ensure that these regulations are consistent and coordinated so that they achieve the desired effect.

During my 2020-2021 Fulbright TechImpact Award to Boston College, I will engage with a range of key stakeholders to drive consistency and clarity in this space.

What commercial applications do you foresee for your research?

My research has significant commercial investment from Allstate. However, my vision is to prepare the environment where I can foster greater partnership between academia, start-ups and industry.

Many state-of-the-art techniques from academia never translate to industry because the environment is not right; conversely, industry needs to keep abreast for innovation. We must get better at bridging this gap.

What are some of the biggest challenges you face as a researcher in your field?

Cybersecurity is a diverse and rapidly evolving field. There will always be practical constraints when implementing security in real-world systems, therefore systems will always be exploitable.

Many attacks we see in the media are preventable, but some attacks can exploit systems in ways never thought of before. When you develop any security mechanism, whether it be an algorithm, protocol or system, if it is widely used, it will be hacked. You must prepare for that as best you can, but prepare for it no less.

Are there any common misconceptions about this area of research?

That by entering this field you will learn how to hack. Most of today’s attacks and hacks are fully automated and malicious intent is more important than skill to do harm. Designing a system that can withstand continual attack, that is real skill.

What are some of the areas of research you’d like to see tackled in the years ahead?

I’d like to see more research in privacy-enhancing technologies in real-world environments. For this to happen we need the cooperation of public-private partnerships. There has been tremendous advances made in the development of these technologies, but we need to know more about their applicability and performance in practical use cases.

Are you a researcher with an interesting project to share? Let us know by emailing editorial@siliconrepublic.com with the subject line ‘Science Uncovered’.