Five Minutes With: A Cybersecurity Professor

Kevin Curran warns that the fragmentation of security standards is raising the cost of compliance

What was your route into cybersecurity?

I fell in love with computers at the age of 15. I went on to study computer science and worked in several different companies before returning to academia. My primary focus has always been on computer networks, and a natural progression was moving into cybersecurity. I could see that the internet was becoming the fabric of society, yet it was not built with security in mind. In fact, during my first 20 years of using computers, they did not even require passwords.

If you could retrain for a dream job, what would it be?

I would retrain in finance. Not only is the sector intellectually stimulating, but it has obvious financial benefits. That said, money isn’t the answer to the more important things in life.

What has been your most challenging role to date?

Software developer. I started programming before the internet existed, when one could only rely on manuals or the help of colleagues. There were several software projects where I lost sleep, as I doubted my ability to complete them within a reasonable time limit.

What’s the biggest misconception about cybersecurity?

The biggest misconception is that major technology companies are literally spying on us through webcams and voice assistants. These companies have enough ‘signals’ from our account activity through less intrusive tracking methods.

What’s the best and worst thing about your job?

The best thing is the freedom to pursue academic interests without the pressure of building customer-facing products. I can also work with industry through consultancy, which allows me to see what problems they face. That’s the best of both worlds. The worst thing is the long hours. Academics wear many hats, and it can be challenging to switch off or take a holiday.

What’s the biggest as-yet-unsolved problem in cybersecurity?

Identity. If we could always determine that Joe Bloggs was truly the person behind the account, then we would not see many compromises. We have improved greatly through techniques such as multi-factor authentication, biometrics and enhanced authentication, but these can all be bypassed by a determined third-party.

Is there a risk that global cybersecurity standards are fragmenting?

Global cybersecurity standards are diverging as regions pursue different strategies. The EU enforces strict regulatory frameworks such as NIS2 and the Cybersecurity Act, while the US combines voluntary standards with sector-specific mandates and NIST guidance. China links cybersecurity to state security with tight data and technology controls, and countries such as India, Russia, and Gulf states introduce their own rules, often requiring data localisation. This patchwork forces international businesses to navigate conflicting requirements, raising compliance costs and slowing the adoption of best practices. Fragmentation also undermines global resilience as cyber threats transcend borders and exploit gaps between jurisdictions.

Tell us a guilty secret

I have not locked my house since I moved in three years ago. And I haven’t locked my car in 10 years.