Enacting Expertise: Ritual and Risk in Cybersecurity

Abstract

This article applies the concept of ritual to cybersecurity expertise, beginning with the cybersecurity "skills gap": the perceived lack of suitably qualified professionals necessary to tackle contemporary cybersecurity challenges. It proposes that cybersecurity expertise is best understood as a skilled performance which satisfies decision-makers' demands for risk management. This alternative understanding of cybersecurity expertise enables investigation of the types of performance involved in key events which congregate experts together: cybersecurity conferences. The article makes two key claims, which are empirically based on participant observation of cybersecurity conferences in the Middle East. First, that cybersecurity conferences are ritualized activities which create an expert community across international boundaries despite significant political and social differences. Second, that the ritualized physical separation between disinterested knowledge-sharing and commercial advertisement at these conferences enacts an ideal of "pure" cybersecurity expertise rarely encountered elsewhere, without which the claims to knowledge made by cybersecurity experts would be greatly undermined. The approach taken in this article is thus a new direction for cybersecurity research, with significant implications for other areas of international politics.