Lessons from a Hacker: Cyber Concepts for Policymakers

Lillian Ablon holding her DEF CON Badge

Lillian Ablon is the first female to earn a DEF CON black badge, awarded to the winner of the DEF CON 21 Challenge, a social engineering competition.

Photo by Diane Baldwin/RAND Photography


Monday, September 14, 2015


2:00 p.m. – 3:00 p.m.


2168 Rayburn House Office Building (Gold Room)
Washington, D.C.


About the Program

The continuing debate over cybersecurity bills in the 114th Congress reflects the new reality that the protection of cyberspace has become a vital national interest because of its importance to almost every sector of society—from defense to healthcare to financial services.

So what do policymakers need to know as they confront these issues? Learn the basics of cyber and information security and gain insights into some of the complexities of cybersecurity policymaking from a DEF CON black badge winner (who also happens to be a RAND researcher).

This briefing focuses on

  • Key tenets of cyber and information security,
  • Why software vulnerabilities are a big deal and the components of cyber risk beyond the threat,
  • Motivations of various cyber threats actors, what they exploit, and why you should care, and
  • Considerations for policymakers.

About the Speaker

Lillian Ablon is a researcher at the RAND Corporation and a professor at the Pardee RAND Graduate School. She conducts technical and policy research on topics spanning cybersecurity, privacy and security in the digital age, emerging technologies, computer network operations, digital exhaust, and the human element. Recent research topics include depicting the cybersecurity landscape and the challenges defenders face; examining security risk for the health sector; describing the underground black markets for cybercrime tools and stolen data, as well as the white, grey, and black markets for zero-day exploits; harnessing social engineering and open source intelligence; exploring methods for zero-day vulnerability detection; evaluating tools and technologies for greater cyber situational awareness; describing the 2020-2040 operating environment based on technology trends; and addressing privacy and security concerns surrounding one’s online digital footprint.

Prior to joining RAND, Ms. Ablon worked with and created some of the most cutting edge technologies in cryptography, network exploitation and vulnerability analysis, and mathematics to tackle some of the United States Government’s most unique and complex problems. She won a coveted "black badge" at the DEF CON 21 hacker conference, and holds degrees in mathematics from Johns Hopkins University and the University of California, Berkeley.

Further Inquiries

For more information about this event, contact ocr@rand.org.

View calendar of congressional briefings View congressional briefings by topic