So the results of the Mozilla Delphi project are out. I was one of the panelists – alongside some pretty well known names like Jane Hall Lute, Bruce Schneier, and some other big etc.’s.   You can find it here:

And some background here:

“Mozilla’s Cybersecurity Delphi 1.0 is a step to address this gap, by identifying and prioritizing concrete threats and solutions. Through the iterative structure of the Delphi method, we will build expert consensus about the priorities for improving the security of the Internet—infrastructure to protect public safety, sustain economic growth, and foster innovation. The Delphi method offers unique benefits in this context because it aggregates the input of a diverse, broad set of voices, using a discrete and defined process with a clear, fixed end point and a mechanism for non-attribution to encourage open and through engagement. “

Im still processing the results, many of which I adamantly disagree with, but what I think the report mainly shows is that “cybersecurity” isn’t a thing that exists outside of specific sets of contexts and perspectives and goals. It just goes…poof…and disappears as a concept if it’s not bracketed by material constraints. The all over the board nature of the responses seems to demonstrate that (even though Mozilla did a good job creating a narrative around them).

That said, I think there are some interesting points in the document and that it’s worth a read – at the very least you’ll get to see some of the filter biases of some very smart people (obviously including my own).  And those are worth knowing, because very often our human fears and backgrounds and perceptions are not reflective of actual risks and needs.