inspiration and energy beyond Trondheim

For pandemic reasons, the 25th conference on Innovation and Technology in Computer Science Education (ITiCSE) had to relocate from Trondheim to Moodle and Zoom.

This was my first ITiCSE. While attendees on other continents were struggling with time-zone differences, I enjoyed travel-less conferencing at my desk. The virtual format worked surprisingly well with a few tolerable glitches.

My main take-aways were inspiration, energy and pointers to new resources in the real world of non-security specialists.


Zeke Wolf has an image problem

From Joakim 8/1980

The Big Bad Wolf is a pathetic figure. He tries to be evil but his actions fail and turn out well. Others cheer him. The humiliation!

So what? Yes, he's fiction. And yet we can learn something.

In InfoSec, we subdivide Threat Sources into the dichotomy intentional/accidental. Villainous Zeke is clearly intentional: he wants to Be Bad. But he always fails. How do we categorise such an actor? Let's think of Threat Sources in terms of their effectiveness. The Three Little Pigs have learned to do just that.


others on risk

Blogs have their lifecycle.

In fact, the blog format has passed its hype and entered what some would call a plateau of productivity.

A blog list is a nice feature, with active feeds bubbling to the top. RSS feeds might seem out of fashion. Still, being able to subscribe to tailored channels is a powerful technique.

Blogs appear, develop and fade. My blog list others on risk (see the sidebar) has been a tad neglected. Some members have been silent for years. Others have now taken their places. Enjoy!


mind those misses

An article in HBR suggests a way to avoid catastrophes by focusing on near misses, situations where luck saved the day.

The authors describe how latent errors (such as gas leakage at an oil rig) combine with enabling conditions (a windless day or a welder working nearby) to cause failure (think of the BP Gulf disaster).

Lessons for InfoSec are to leverage incident reporting to catch smaller mishaps and to explicitly manage vulnerabilities as a precursor to risk identification with threat sources.


an educator thinking aloud

I've been tweeting and blogging about my educator role, sharing ideas and occasional glimpses of content from seminars and courses. The goal is to "think aloud" when developing new material, while being more transparent about my narrative.

At first, I tried collecting these in Twitter Moments. That format has turned out to be unstable, even unworkable, so I'm pinning my hopes now on Twitter's Collections feature.

Please find the "Teaching" Collection under a tab of its own at the top of the page.


Kilomba on Ignorance

Artist Grada Kilomba's captivating film trilogy Illusions addresses human rights in our time using well-known fables such as Narcissus and Echo.

She challenges our perception of ignorance as merely a reflection of legitimate lack of access rights. What if, asks Kilomba, ignorance itself is a reflection of privilege?

one does not know,
one does not have to know,
and one should not know.

Such multiple layers of ignorance could offer a comfortable distance from wrongs and thereby stifle accountability.


carved in stone

I guess time has caught up with Swedish expressionist artist and sculptor Siri Derkert.

In my youth I used to think of her blasted concrete subway artworks as dull and self-important. (Then again, I couldn't be bothered to care about any contemporary art.)

Now, what I see instead is grace and materiality, and Siri's timeless thoughts of peace and women are gaining a renewed sense of urgency in this day and age.

Here is Derkert's Study for Female Pillar, part of the collection at Moderna museet.


sampling Trockel

I spend lots of time in art exhibitions these days. My favourite is Moderna museet, which has become a sort of second home when I've got time on my hands.

Taking photos of pictures might sound pointless but I like experimenting with "sampling" artworks into bits and pieces and then having these rearranged into a photo collage.

Rosemarie Trockel has knitted a monochrome After The Hunt. With wool yarn and wood she challenges how pictures are supposed to be made. And here is my attempt at sampling Trockel.


a student, a volunteer and a consultant

After five years as an employed consultant, I will continue under my own flag. In recent years I've been privileged to teach Information Security, which is superb training from a generalist perspective, but now I will refocus on Information Risk in three different ways. First, I will return to the university to dig deeper into the theory realm of risk. Second, I might do a bit of volunteering in a "security advisor" capacity. Last but not least, there should be room for some consulting as an educator.


on maturity and abstraction

What is Security Architecture and what does it take for an organisation to master this domain?

Operativ informationssäkerhet in April welcomed six guest lecturers.

Sebastian Åkerman offered a maturity perspective on architecture and helped us navigate between properties, controls, mechanisms and components.

Other guest sessions covered Safe UX, Crisis Management, agile ideology, Business Continuity and Secure Development.

Two group exercises and an individual assignment took us from theory to practice.