The architect Robert AM Stern once said, “architects don’t copy, they quote.” Perhaps our problem is when we copy best practices. So here’s a way to quote when designing a security capability.
Watch more videos on my YouTube channel.
Contrast the RSA Conference’s theme of the Human Element and the vendors’ theme of AI/ML appliances. This debate between intelligence augmentation and artificial intelligence has a long history, going all the way back to Douglas Engelbart versus Marvin Minsky. Let’s look at the history and look at the use cases for AI/ML in today’s security operations.
The staring red camera and chillingly calm voice of HAL 9000 inspired and unnerved a generation of IT people. It’s well known that Arthur C. Clarke drew inspiration from IBM to name HAL. But where did the 9000 come from? This traces back to the first Italian mainframe: the Elea 9000. Look at photos of the Elea 9000 and the HAL 9000 in Discovery One, and you will see some visual similarities too. The Elea 9000 had a certain beauty, owed in part to Ettore Sottsass.
Ettore Sottsass was a design consultant for Elea 9003 in the 1950s. In the 1960s, Sottsass would design the iconic Valentine typewriter. From the heights of technology, Sottsass turned his talent to furniture. Chairs. If you’re thinking that’s an odd choice, you’re not alone. Many asked him about this shift. “A chair must be really important as an object, because my mother always told me to offer my chair to a lady,” Sottsass reportedly said. And so he focused on chairs.
There is a lesson here for security. A fundamental step is evaluating the value of an asset to determine what is at risk. Of the ways to determine this, the most common are what the asset generates for the organization and what it would cost the organization to replace it. Both are measured in dollars. That’s great for computers and typewriters, but what about chairs? Put a different way, quantitative approaches overlook the significance people put on our tools. Securing by what we can measure in dollars leads to decisions which are blind to the human factors.
“I’m sorry, Dave. I’m afraid I can’t do that.” I get chills every time I hear that line. There’s something cold about mechanically making decisions based purely on numbers. When introducing human-centric design to our security programs, we must consider all the ways people determine value. Remember the subjective. Remember the chairs.
This article is part of a series on designing cyber security capabilities.
During the Windows login process, a cleartext password will get shared with the password filters. Sure, this can be used for defense. But it can also be used by criminals to steal passwords.
A shout-out to one of my favorite typography designers, and a warning about a 0-day exploit in Microsoft Windows.
For more information, visit:
https://ift.tt/3brmQK2
https://ift.tt/2xoAwa8
One of my favorite stories of the early days of Silicon Valley is Bill Moggridge and the Grid Compass. Here’s how to apply it to building a security capability.
Security leaders have a bold vision. Leaders have a grand strategy. Leaders excite and engage people to get things done. Along the way, leaders make decisions.
This blog series is about making better decisions. IT security is a new discipline. But creativity and ingenuity are as old as humanity. Week by week, we’ll look to artisans, to architects, and to designers. We’ll uncover principles we can apply to lead and to design security capabilities.
Pilot with chaos. Cyber security is complex. Think of the proverbial butterfly flapping its wings in Brazil and producing a tornado in the United States. Thankfully, we have chaos theory and security chaos engineering.
Finally: Here are some of my folksy sayings on cybersecurity leadership and design.
New data from FireEye shows malware authors are waiting days before detonating and executing. Why is this, and what does this mean for the defense?
The Design of Everyday Things, By Don Norman (W)
The Art of Innovation: Lessons in Creativity from IDEO, America’s Leading Design Firm (2001), By Tom Kelley and Jonathan Littman (W)
Design and Marketing of New Products, Second Edition, By G. L. Urban and J. R. Hauser, Prentice-Hall, 1993
Designing for Growth: A Design Thinking Tool Kit for Managers, By Jeanne Liedtka, Tim Ogilvie, Columbia University Press
Designing for the Digital Age: How to Create Human-Centered Products and Services, By Kim Goodwin
The Principles of Product Development Flow: Second Generation Lean Product Development, By Donald G. Reinertsen
User Experience Revolution, By Paul Boag
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play, By Cliff Kuang and Robert Fabricant (W)
Service Innovation: How to Go from Customer Needs to Breakthrough Services, By Lance A. Bettencourt
This Is Service Design Thinking: Basics-Tools-Cases, Kindle Edition, By Marc Stickdorn
The Handbook of Service Innovation, By Renu Agarwal, Willem Selen, Göran Roos, and Roy Green
Design Research: Methods and Perspectives, By Brenda Laurel
Research Methods for Product Design, By Alex Milton and Paul Rodgers
Well-Designed: How to Use Empathy to Create Products People Love, By Jon Kolko
Paper Prototyping: The Fast and Easy Way to Design and Refine User Interfaces, By Carolyn Snyder
Product Design and Development, By Karl Ulrich, Steven Eppinger, and Maria C. Yang
Product Roadmaps Relaunched: How to Set Direction While Embracing Uncertainty, By C. Todd Lombardo, Bruce McCarthy, Evan Ryan, Michael Connors (W)
Design for the Environment: Creating Eco-Efficient Products and Processes, By Joseph Fiksel, McGraw-Hill, New York, 1996
Integrating Environment and Technology: Design for Environment, in The Greening of Industrial Ecosystems, By B.R. Allenby, National Academy Press, Washington, DC, 1994
Do you hate remembering passwords? Soon, you may be able to forget them for good.
Excerpt from: Dear Passwords: Forget You.
“We are moving into a world which we’re calling passwordless, which is the ability for our applications, devices and computers to recognize us by something other than the old-fashioned password,” says Wolfgang Goerlich, advisory chief information security officer for Cisco-owned security firm Duo.
Goerlich estimates that within five years, we could be logging into most of our online accounts the same way we unlock our phones. And then we will be able to finally break up with passwords for good.
What will replace them? That’s a bit more complicated.
Read the full article: https://www.usatoday.com/story/tech/2020/02/28/data-breaches-hackers-passwords/4870309002/
This post is an excerpt from a press article.