We live in interesting times. Cybersecurity is finally being treated very seriously, both on the technology and policy level - including international relations, the so called “cyber” diplomacy.

I come from a technical and research background, having also experience in standards and regulations. In particular, I am fascinated with the interactions of technology and regulations - with special regard to security and privacy technology as well as data privacy regulations, such as the General Data Protection Regulation (GDPR) and ePrivacy Regulation.

Cybersecurity is one of the top interests of this (and the next) decade, with the regularity of cyber attacks, disinformation campaigns, cyberoperations and beyond. Countries continue to develop strategic approach to cybersecurity (examples: French strategic cybersecurity document, Cybersecurity framework of the European Union). A concept tentatively called the Digital Geneva Convention is being debated seriously (examples: 1, 2).

I’m happy to say that starting in April I’ll be helping at the International Committee of the Red Cross in Geneva, as a scientific and policy advisor on cyberwarfare. This is an opportunity to remain close to the technical things, but to focus also on the international cybersecurity regulations, including on the international humanitarian law.

That said, I’m not abandoning my involvement on other fronts, such as privacy research, standardization, GDPR, ePrivacy, consulting, and so.

Some highlights of the things I did during the last year:

My aim related to the cyberwarfare project is - as was always the case to date - to remain as open as possible. In fact, I believe technical and research communities should be close to these matters. I would be happy to be the vehicle here. Policy should never be made in closed bubbles, shielded from expert input - especially technology policy.

I’m excited with what’s to come. But I am also keeping my involvement in the technical security and privacy research and development sphere, and open for interesting advisory opportunities. This applies to Privacy by Design, Privacy Impact Assessment, and other strategic aspects, including technology policy, too.