inspiration and energy beyond Trondheim

For pandemic reasons, the 25th conference on Innovation and Technology in Computer Science Education (ITiCSE) had to relocate from Trondheim to Moodle and Zoom.

This was my first ITiCSE. While attendees on other continents were struggling with time-zone differences, I enjoyed travel-less conferencing at my desk. The virtual format worked surprisingly well with a few tolerable glitches.

My main take-aways were inspiration, energy and pointers to new resources in the real world of non-security specialists.


Zeke Wolf has an image problem

From Joakim 8/1980

The Big Bad Wolf is a pathetic figure. He tries to be evil but his actions fail and turn out well. Others cheer him. The humiliation!

So what? Yes, he's fiction. And yet we can learn something.

In InfoSec, we subdivide Threat Sources into the dichotomy intentional/accidental. Villainous Zeke is clearly intentional, he wants to Be Bad. But he always fails. How do we categorise such an actor? Let's think of Threat Sources in terms of their effectiveness. The Three Little Pigs have learned to do just that.


others on risk

Blogs have their lifecycle.

In fact, the blog format has passed its hype and entered what some would call a plateau of productivity.

A blog list is a nice feature, with active feeds bubbling to the top. RSS feeds might seem out of fashion. Still, being able to subscribe to tailored channels is a powerful technique.

Blogs appear, develop and fade. My blog list others on risk (see the sidebar) has been a tad neglected. Some members have been silent for years. Others have now taken their places. Enjoy!


mind those misses

An article in HBR suggests a way to avoid catastrophes by focusing on near misses, situations where luck saved the day.

The authors describe how latent errors (such as gas leakage at an oil rig) combine with enabling conditions (a windless day or a welder working nearby) to cause failure (think of the BP Gulf disaster).

Lessons for InfoSec are to leverage incident reporting to catch smaller mishaps and to explicitly manage vulnerabilities as a precursor to risk identification with threat sources.


an educator thinking aloud

I've been tweeting and blogging about my educator role, sharing ideas and occasional glimpses of content from seminars and courses. The goal is to "think aloud" when developing new material, while being more transparent about my narrative.

At first, I tried collecting these in Twitter Moments. That format has turned out to be unstable, even unworkable, so I'm pinning my hopes now on Twitter's Collections feature.

Please find the "Teaching" Collection under a tab of its own at the top of the page.