Security Which Fits Like a Favorite Pair of Jeans – Design Monday

Archive for May, 2021

Security Which Fits Like a Favorite Pair of Jeans – Design Monday

Posted by

Denim jeans are magical. Wear after wear, they mold themselves to ourselves. Denim jeans are hazardous. The way we produced these jeans in 1850s is far from eco-friendly. Jeans both document our personal experiences and reflect our societal shift towards environmentalism.

Denim also harbors a lesson for security capabilities. We’ll get back to that in a moment. But first, did you know Levi Strauss has a resident mad scientist?

That would be Bart Sights. Sights leads the Eureka Innovation Lab. When he joined Eureka, it didn’t look good. The techniques to produce and finish a pair of jeans used incredible amounts of water and left behind a bath of chemicals. Neither were concerns back in the 1850s when water was plentiful and production was a fraction of the scale it is today. To address this, Sights and his team kept the outcomes but tossed everything else. Starting with what makes jeans good jeans, the so called four Fs of fiber, fabric, fit and finish. Then working backwards to find different ways to achieve each. Eventually, Sights completely revolutionized the entire manufacturing process. Jeans stayed jeans. But the chemicals were filtered and recycled. And the water? Eureka’s process reduced water by 96%.

Bart Sights brought his love of denim and his need to innovate together, modernizing the means yet preserving the ends. The secret is to never forget where you are coming from. Sights’ earliest memory of denim goes back to getting three pairs of Levis ever school year. “I would watch with amazement as they changed and aged as I wore them every single day for a year, literally becoming a walking history of my experience and expression. To me, that is the magic of denim jeans.”

Patina. The design term for that sort of magic is patina. In jeans, this comes from the indigo dye and how it wears while being worn. Leather also develops a patina as it picks up oils from the skin and scuffs from the environment. The copper awning on your house oxidizing a lovely green? Patina. The counter-intuitive idea is using materials and creating designs which get better with age and use. The object becomes etched, documentation of where it has been, nostalgia manifest. If you’ve wondered why we love such items, now you know.

In cybersecurity, having people love us is a high target. Perhaps even out of reach. Still. When planning the implementation and ongoing operations, consider how the technology can develop a patina. Tuning a SIEM is one example, with each time making the rules and reports more comfortable. Machine learning has a natural patina as exposure to data wears it in and shapes it to reflect our organization. So, ML on email for fraud detection is another IT example. On the process side, slot time into operations to smooth out edges and improve the work. Much like Bart Sights re-envisioning production while keeping true to the outcomes, we too can squeeze a lot of water out of the process. Thoughtful design leads to a security capability which improves with age.

Design to wear in not wear out.

Cybersecurity that fits like a favorite pair of jeans, photography Blake Burkhart

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Look back to future plans – Design Monday

Posted by

The future won’t follow the futurists. Never does. This is problematic when designing security for the future. We know this. That might be why security presentations about the future often ask the tough questions. Where’s our jetpack? Where’s our flying car? Where’s our round house above the clouds?

Let’s answer one of these. Right here. Right now.

The House of the Future

Futuro was the closest we came to the round houses of science fiction. Designed in 1965 by Matti Suuronen as a ski cabin, the sleek Futuro resembles a plastic flying saucer. The owner of the ski cabin loved it. Absolutely loved it. Fresh from this success, Suuronen turned towards mass production of the house. The resulting retail price was less than half the cost of American homes at the time. When mankind landed on the moon in 1969, there was a wave of interest in space. Everything space-themed was suddenly trendy. Futuro was affordable, stylish, and well-timed.

And then? After about a hundred Futuro pods were produced, the entire line was shuttered.

When trying to predict the future, security leaders often look to peers. Who has done a similar project before? What worked well, and where did they stumble? It’s a valuable source of insights for project planning and project risk management. There’s another area, however, that’s often overlooked. What happened here, in our organization, in our past?

The Futuro story offers a few lessons:

  • The house landed too far outside of Most Advanced, Yet Acceptable (MAYA) Remember the first house, the ski cabin? The locals held public protests. Futuro was too different to be acceptable.
  • Like Wallace Neff’s concrete bubble houses, like Buckminster Fuller’s aluminum Dymaxion house, the round Futuro didn’t offer a comfortable living experience. Round houses are a struggle when so much is optimized for the rectangular. Futuro wasn’t human-centric.
  • The economics didn’t work out as planned. Yes, the house was half the cost of a typical American house. But it was a third of the size. Moreover, there were many unexpected costs in delivery and installation. The oil crisis in 1973 dealt a final blow as raw material costs skyrocketed. Futuro’s initial total cost of ownership was unaffordable.

Looking Back on the Future

I visited my first Futuro during a trip in Europe. The Futuro offered this look back at a more optimistic time. A time when jetpacks and flying cars were within reach. I keenly felt the gulf between the future we predicted and the future we lived.

We gap assess all the time in security. What’s the compliance standard for this IT environment, and where do we fall short? Given the reference model for this security capability, and how do we measure up? What’s the gap between our approach and our peers in the industry? But rarely do we look inward, look backward, look at the gap between our expectation and our execution.

Find your organization’s Futuro, those projects with great promise which fizzled. Look there for lessons to apply to your next security project.


Futuro House in Carlisle, Ohio, with DMC DeLorean. Photography by Jeremy Popp.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.