Kenji Kawakami started a useless revolution. Or perhaps better said, an un-useless revolution.
The art of Chindōgu, which Kenji Kawakami invented, is the art of creative problem solving. There are principles, of course. (Aren’t there always?) Chindōgu address real problems, like the shoe umbrellas keeping the top of our shoes dry. They aren’t useless. Unlike Rube Goldberg machines, Chindōgu emphasize simplicity and practicality. You must actually build a Chindōgu design for it to be considered a Chindōgu. Oh yes, Kawakami built chopsticks with a cooling fan. “There must be the spirit of anarchy,” goes one principle, and the resulting design makes people laugh by “finding an elaborate or unconventional solution to a problem.”
CyberSecurity needs a spirit of anarchy. Security needs a spirit of play. The reason many of us got into this line of work? It was fun. Perhaps security needs Chindōgu.
There’s no place in more need of the Chindōgu spirit than control selection. We have pages upon pages of standards. We have checklists with best practices. The audit and compliance team handed over a list of regulatory requirements. Forget all that. Get together over a whiteboard and start brainstorming. How can the team meet the most controls with the least effort? What’s a fun way to do some of the controls? Remember, not useless. Un-useless.
Once I led a workshop such as this. We ended up with a game of Mousetrap implemented with a series of Python scripts. As the adversary followed their attack path, like a marble rolling down the track, a series of humorous actions befell them. We had a blast.
The book 101 Un-Useless Japanese Inventions includes a telescoping hand for taking photos. Here’s the problem. A Chindōgu is a tool that a person could use, while paradoxically, a Chindōgu is a tool that no one would actually use. But the telescoping hand, or as it is known today, the selfie stick, took off. The stick graduated from Chindōgu to being useful, a must-have for tourists. Our Mousetrap scripts met a similar fate, serving as the inspiration and starting point for an Endpoint Detection and Response (EDR) platform.
Bringing back the playful anarchy unlocks our creativity. Toss aside the checklists. Have fun with the controls. Forget being productive for a moment. Forget being useful. Join the un-useless revolution. You’ll be surprised at where the security controls end up.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.
Posted by