While many in risk management or cyber security reference standards and leading practices, it can often be based on tacit acceptance, rather than deep research.  There is an argument that that research is too slow compared to commercial solutions, especially considering our current threat landscape and resource constraints.  This episode explores the possibility of a middle ground and challenges a few assumptions along the way, it turns out things haven't chanced that much since the 1970's. An unplanned discussion with one of the co-hosts regarding the "science of cyber security" led to an interview with Doug Millward, a computer scientist who spend many years in SCADA engineering, programing and system architecture before completing post graduate studies in higher education.   Combining real world computer science and security knowledge with academic skills led Mr. Millward to becoming a senior lecturer at Wolverhampton University, teaching at all levels from HND to Masters, designing a number of Security and Computer Science modules and also working as a lead researcher on the Biolive project - examining privacy issues for vulnerable adults. Doug Millward is now teaching at Kaplan/ the University of Essex Online where he has designed and taught a number of computer science modules at Masters level, specialising in Cyber Security.   Doug is actively involved in research around cybersecurity, specialising in designing and modelling security in composable systems, the use of secure languages and data representations, and the application of risk frameworks and taxonomies at both the micro and macro levels.