Everything is Right Somewhere – Design Monday

Archive for the ‘Design’ Category

Everything is Right Somewhere – Design Monday

Posted by

Modularity and reuse are top of mind when we design cybersecurity capabilities. Our design should break down into a number of building blocks. These can be technical, like network segmentation. Building blocks can be architectural, like a DMZ or demilitarized zone networks. At the top-level, we can have solution building blocks which are product-specific, such as VMware NSX micro-segmentation for untrusted networks. From technical to architectural to solution, we move up in specificity. This is great for reuse. But it does pose a problem, for a building block that’s perfectly right in one area can be perfectly wrong in another.

Think about it like a font. In fact, think about it like the world’s most controversial font: Comic Sans. Vincent Connare is a noted type designer who worked with Microsoft in the 1990s. In 1994, Connare drew inspiration from Marvel and DC comics to develop the new Sans font. The original use case was cartoon characters in an ill-fated Microsoft GUI. But the font outlived its original purpose. Why? Because it is kid-friendly, warm, and in direct contrast with most every other font on Windows and Mac. People love the font almost as much as people hate it.

The designer Corey Holms said once told The Guardian that “Comic Sans is proof positive that design works, the public gets it and understands that type means more than just words.”

Comic Sans is perfect for a playful comic. It’s perfectly wrong for warning signs about electrocution. Sure, use Comic Sans on an ice cream truck. Don’t use it on an ambulance. Buzzfeed has an entire listicle of several Comic Sans fails. The point is, the font isn’t wrong. The usage is.

Use building blocks thoughtfully. Everything is right somewhere. Nothing is right everywhere.


This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Security design, Ray-Bans, and phones – Recap

Posted by

Security design weekly recap for May 24-30.

This week: John A. Macready and Bausch & Lomb. The original Ray-Bans were designed for pilot safety. Then they became cool. In our cybersecurity program, do people experience our controls as safety goggles or as cool sunglasses? Principle: Hand out Ray-Bans not safety goggles

Previously: Bas van Abel and the Fairphone. Design the security program, say with NIST controls, tied to strongly held corporate values. If it can be done with a smartphone, it can be done with a security capability. Reinforce values to gain support, speed implementation, and further adoption. Principle: Frame the initiative: reinforce values

One thing more: You can listen to Bas van Abel on the TED stage: Changing the Way Products Are Made.

Ray-Bans over Safety Goggles – Design Monday

Posted by

A little-known fact: Ray-Bans are safety goggles. You wouldn’t know it today. You can pay a couple hundred to buy these as sunglasses from Luxottica. How Ray-Bans went from practical to luxury is a story with a lesson for developing implementation plans.

Let’s start in 1929. Flying was so new that the US Air Force didn’t even exist yet. Planes were rough, flying was dangerous, and pilots were the heroes. Whether you could see clearly was a matter of life or death. US Army Air Corps Colonel John A. Macready worked with Bausch & Lomb to make a better pair of safety goggles. The resulting Ray-Bans protected against glare and wouldn’t fog up, saving lives, and were quickly adopted by the pilots when they reached production in the 1930s.

That might be the end of the story. But a curious thing happened. Pilots were cool. Pilots wore Ray-Bans. Movie stars wanted to also be the cool hero. Next thing you know? James Dean and Audrey Hepburn are wearing Ray-Bans in movies like Rebel Without a Cause (1955) and Breakfast at Tiffany’s (1961). The glamorous pilot and the glamorous celebrity came together in Top Gun (1986). Ray-Bans had entered the public consciousness as the fashionable look. When the luxury brand Luxottica bought them in 1999, strangely, not a single headline read: “Luxottica Buys Seventy-Year-Old Safety Goggles.”

When we design a security capability, the final step is planning the implementation and migration. Buried in that process is stakeholder management. Dusty and forgotten, stakeholder management doesn’t get a lot of attention. We design the safety goggles and we hand them out. Done. But to do so is to waste a powerful force for adoption. Who are the James Deans and Audrey Hepburns of our organization? Can we reach these influencers? They are crucial to getting our new security capability adopted. Get them on-board is good. Even better and even rarer, get them to use what we’re building as a status symbol.

I’ll leave you with a personal example. This story happened back when I was responsible for security at a money management firm. These were early days. Expensive stock trading applications had two-factor authentication. The vendor would ship a physical 2FA token as part of enrollment. Because it was expensive, only the top traders had accounts with these applications. James and Audrey carrying tokens conveyed their access, privilege, and social status. Sounds strange, but back in the day? 2FA tokens were cool.

Consider your stakeholder management and adoption plan. How involved and excited are James and Audrey? It spells the difference between passing out safety goggles and sharing Ray-Ban Aviators.

Ray-Ban Aviators, Photography by Wikipedia

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Security design, denim jeans, and ugly cars – Recap

Posted by

Security design weekly recap for May 17-23.

This week: Bart Sights. In cybersecurity, when planning the implementation and ongoing operations, consider how the technology can wear in like jeans. Thoughtful design leads to a security capability which improves with age. Principle: Wear in, not wear out.

Previously: Think of Roberto Giolito who let his design be ugly where it didn’t matter, in order for the design to be Car of the Year where it did matter. Ruthlessly prioritize. Principle: Dare to be ugly.

One thing more: To learn more about Bart Sights, and more about denim jeans, check out The World According to Jeff Goldblum, episode 104, Denim.

Security Which Fits Like a Favorite Pair of Jeans – Design Monday

Posted by

Denim jeans are magical. Wear after wear, they mold themselves to ourselves. Denim jeans are hazardous. The way we produced these jeans in 1850s is far from eco-friendly. Jeans both document our personal experiences and reflect our societal shift towards environmentalism.

Denim also harbors a lesson for security capabilities. We’ll get back to that in a moment. But first, did you know Levi Strauss has a resident mad scientist?

That would be Bart Sights. Sights leads the Eureka Innovation Lab. When he joined Eureka, it didn’t look good. The techniques to produce and finish a pair of jeans used incredible amounts of water and left behind a bath of chemicals. Neither were concerns back in the 1850s when water was plentiful and production was a fraction of the scale it is today. To address this, Sights and his team kept the outcomes but tossed everything else. Starting with what makes jeans good jeans, the so called four Fs of fiber, fabric, fit and finish. Then working backwards to find different ways to achieve each. Eventually, Sights completely revolutionized the entire manufacturing process. Jeans stayed jeans. But the chemicals were filtered and recycled. And the water? Eureka’s process reduced water by 96%.

Bart Sights brought his love of denim and his need to innovate together, modernizing the means yet preserving the ends. The secret is to never forget where you are coming from. Sights’ earliest memory of denim goes back to getting three pairs of Levis ever school year. “I would watch with amazement as they changed and aged as I wore them every single day for a year, literally becoming a walking history of my experience and expression. To me, that is the magic of denim jeans.”

Patina. The design term for that sort of magic is patina. In jeans, this comes from the indigo dye and how it wears while being worn. Leather also develops a patina as it picks up oils from the skin and scuffs from the environment. The copper awning on your house oxidizing a lovely green? Patina. The counter-intuitive idea is using materials and creating designs which get better with age and use. The object becomes etched, documentation of where it has been, nostalgia manifest. If you’ve wondered why we love such items, now you know.

In cybersecurity, having people love us is a high target. Perhaps even out of reach. Still. When planning the implementation and ongoing operations, consider how the technology can develop a patina. Tuning a SIEM is one example, with each time making the rules and reports more comfortable. Machine learning has a natural patina as exposure to data wears it in and shapes it to reflect our organization. So, ML on email for fraud detection is another IT example. On the process side, slot time into operations to smooth out edges and improve the work. Much like Bart Sights re-envisioning production while keeping true to the outcomes, we too can squeeze a lot of water out of the process. Thoughtful design leads to a security capability which improves with age.

Design to wear in not wear out.

Cybersecurity that fits like a favorite pair of jeans, photography Blake Burkhart

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Security Architecture Principles – Design Monday

Posted by

Clack. Clack. Two hands. Hunt and peck typing. Clack. Clack. The beautiful red Valentine typewriter. Clack. Dieter Rams at his desk. This is the opening shot of the Rams documentary. What is he typing? Ten principles for good design.

An entire series of articles could be written applying Dieter Rams‘ principles to cybersecurity. This is not that. Instead, let’s look to Rams as an example of creating and living with principles.

What makes a good architecture principle? It makes a statement. “Good design is honest,” Dieter Rams might type out. “Buy not build” is one I often encounter. A good architecture principle has a rationale. “It does not make a product more innovative, powerful or valuable than it really is. It does not attempt to manipulate the consumer with promises that cannot be kept.” For buy not build, our development resources are valuable and must be deployed only in areas where there is a clear advantage and where an existing solution doesn’t satisfy the majority of our needs. Finally, a good principle makes an impact. It has implications for later decisions.

“I like orderly confusion very much. But this is neither orderly nor properly confused.” Dieter Rams says about an hour into the documentary, while evaluating objects against his esthetic and principles. “Others may like it. I do not.” A set of good architecture principles enables the team to make decisions. These decisions may be very different from other security teams, even other security teams in similar industries and at similar times. The success of a security architecture depends not upon the individual decisions. Rather, success depends on the consistency across decisions, initiatives, and capabilities. Consistency through principles.

Consistency poses a challenge. The same thing means different things to different people. For architecture principles to work, the team must debate implications and applications. An example of this comes in the documentary when Mark Adams walks Dieter Rams through the new Vitsoe headquarters. For background, Adams is the managing director of Vitsoe, the firm which produces Rams’ furniture. “I want it to be completely honest that that is a fire barrier,” Adams explains. But is it honest? And does the honesty balance against the other principles? After a moment of thought, Rams says simply: “It’s a little bit irritating.” After some back and forth, they decide to sand it and blend it in. (In the photo below, you can see the resulting gray fire panels.) The moment captures this discussion of application. Principles live through debate.

Be principled. Develop a small set of architectural principles to guide the technical design. Live with them. Argue them. Disagree and commit. Apply and iterate them. But be principled.

Vitsoe London Headquarters, Photography by Vitsoe.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

One Metaphor at a Time – Design Monday

Posted by

I first saw the LC4 Chaise Longueat the Die Neue Sammlung in Munich. I did not, however, see a cowboy.

Charlotte Perriand was inspired by the American cowboy, stretched out, feet up, lounging after a long hard day’s work. This inspiration carried over into the LC4 Chaise Longue chair. Perriand was also a bit punk, and would fit in well with today’s hacker and maker community. “Perriand embodied l’esprit nouveau. She was often pictured wearing a homemade ball-bearing necklace, giving her the look of a lithe component plucked from a finely tuned machine.” Her impressive career stretched decades and focused mainly on architecture. But back to the LC4 Chaise Longue, designed early in her career while with Le Corbusier. More specifically, back to the inspiring metaphor.          

Technology advances at the speed in which new metaphors are identified, shared, adopted, and absorbed. Metaphors make the new feel familiar. Metaphors provide the language and mental models for discussing and thinking. Our minds love easy to recall and easy to consider ideas, and so these ideas are more readily adopted. But then a curious thing happens. The more we learn and play with the idea, the less we need the metaphor, and eventually the metaphor fades away altogether. This is the point where a new set of innovations and ideas emerges, along with a new set of metaphors, and the cycle repeats.

Around 1930, Perriand applies the metaphor of the lounging cowboy to the LC4 Chaise Longue. Twenty years later, around 1950, Børge Mogensen applies the metaphor of Perriand’s chair to Morgensen’s Hunting Chair. And twenty years after that, we have lawn furniture inspired by Mogensen and Perriand. Nearly a hundred years later, none of us look at deck furniture on a cruise ship and see a cowboy. We don’t need to. Culture has absorbed the metaphor.

The same pattern happens in IT, albeit at a much faster pace, leading to three considerations for designing security capabilities. First, cultivate a garden of metaphors. We need inspiration to innovate and, perhaps more importantly, we need to inspire to our organizations. Second, don’t move security along faster than the metaphor. Organization need time to adopt and absorb our metaphors. Go too fast, skip metaphors along the way, and we’ll lose people, which will hinder or even stop the organization from adopting our security practice. Beware the curse of knowledge. Finally, increment the metaphors while incrementing the design. Think in stages.

From the castle to the perimeter firewall, from the perimeter to network segmentation, from network segmentation to micro-segmentation, take it one comparison at a time.

C4 Chaise Longue, designed by Charlotte Perriand, Le Corbusier, 1928-1930.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Empathy is the Heartbeat – Design Monday

Posted by

On a recent webinar, an attendee asked how we should talk to our end-users about passwordless authentication. My answer: don’t.

Look to Doug Dietz to understand why. Dietz is the principal design thinker at GE Healthcare. The book Creative Confidence featured his work on MRIs for children. Originally, the MRI was a technologist’s technology. This meant it scared the kids, often to the point of them needing sedation. Dietz realized this and redesigned the MRI as an experience attractive to kids. The key insight was empathy. To paraphrase Dietz’s TED talk, “Empathy at the beginning sets the heartbeat of the project. When you move forward into the iteration and prototyping and some of the design phases you go through, you need to refocus and see what the empathy was that got you started.”

We don’t talk to kids about the MRI. We talk to them about the jungle experience. We don’t talk to end-users about passwordless. We talk to them about a more enjoyable work experience.

When designing security, we start with the vision, the business capabilities, and the business outcomes. We begin with empathy and then, as Dietz put it, let empathy be the heartbeat through the design process. Don’t do this, and we end up with the equivalent of the MRI machine. That is, security which people avoid and workaround. Possibly security that will have people wanting to be sedated. Good design creates security experiences that people adopt and, in rare but exciting cases, actually enjoy.

Empathy is incredibly hard. Seeing the world through someone else’s eyes always is. It is doing the hard things that elevates design.

GE Healthcare children’s MRI, photography School Nutrition Association.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Reinforce Values – Design Monday

Posted by

Bas van Abel found his personal values in conflict with his technology use. Namely, his phone. He set out to bring these two into alignment and, in doing so, designed a phone and launched a company in 2013. The Fairphone aims to be as socially conscientious as possible throughout the supply chain and throughout the lifecycle. Fair mining of raw materials. Fair manufacturing conditions. Fair trade. Also, dear to the hacker ethic? Repairable and modifiable. Build a fairer phone, build a fairer world, that was the design inspiration. You can listen to Bas van Abel on the TED stage: Changing the Way Products Are Made.

People have strong personal values. Companies have corporate values. Hopefully, these values are in alignment. Ideally, people and companies follow their values. If they don’t, well, then values aren’t much of a design consideration. But when we have stakeholders with strong values or a value-driven corporate culture, adoption of our security controls goes much faster and much farther when the security design reflects those same values. Before you think IT security can’t reflect values, remember people thought the same about phones before Fairphone.

It will take work to frame the initiative in terms of values. For example, imagine our initiative is a Zero Trust Architecture and our corporate values include an open culture and a culture of trust. At first glance, the security and the value are at odds. But hold on. What if we position ZTA to increase the openness where possible, while reducing access only where risky? Good. What if we use ZTA as a technology to codify a culture of trust? Better. This example is one initiative but the idea scales. We can design a full security program, say with NIST controls, tied to strongly held corporate values.

If it can be done with a smartphone, it can be done with a security capability. Reinforce values to gain support, speed implementation, and further adoption.

Design reflects values. Photograph: Fairphone

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Prioritizing Use Cases – Design Monday

Posted by

Roberto Giolito has the distinction of winning Car of the Year and Ugliest Car. Both from Top Gear. Both in the same year. Both for the same car. That would be the Fiat Multipla.

To call the Fiat Multipla ugly is to miss the point. It certainly is no looker. The length is shorter than a typical car. The height? Taller. The resulting car looks squat and boxy. But as they say, beauty is on the inside. In fact, the New York Museum of Modern Art (MOMA) showcased the interior. The dash is as highly usable as it is highly unconventional. It seats six comfortably. The large windows create a feeling of space. Small but spacious and maneuverable. The point of this car is to completely satisfy one use case: living the European life while driving the crowded European streets.

When we are designing security capabilities, we start with the use cases. No, that’s too many use cases. Put one back. Still too many, put another one back. There. Good. We start with a few specific use cases and then get to work. Our goal is to fully satisfy these use cases given our limited resources. We will have to make trade-offs. That’s the nature of prioritizing. And when we do? Think of Roberto Giolito who let his design be ugly where it didn’t matter, in order for the design to be Car of the Year where it did matter. Ruthlessly prioritize. Dare to be ugly.


This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.