| website | https://infosec.press/security-through-the-looking-glass/ |
I think that most people who work in computer security do not actually understand what #security should do.
Continuing my deep dive into a #cybernetic #ComputerSecurity program, I finally begin to talk about environments, adaptation, the feedback loop between the two, and complexity management.
I also mention Elinor Ostrom. If you work in security and don't know why I'd mention Ostrom, then you may well radically adjust your perspective about what you do after reading this.
Alright security program wonks. I've been crossing Operational Art (Counterinsurgency theory) with #cybernetics (Beer's VSM) and I've created an ungodly abomination that I'm starting to write about: a vision for a VSM informed security program, putting the "cyber" back in #cybersecurity to manage the spiraling complexity that we all recognize.
I'm starting by sharing it here because I think Mastodon tends to give better and more helpful feedback than other platforms. Feedback is welcome and appreciated.
CISA does have tabletop exercise packages:
https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages
Do any folks here use tabletop exercises to refine their incident response runbooks? Why, or why not? Is this idea new to you, or something you're familiar with?
I'm trying to get back into technical writing, so I've written a bit about my experiences with tabletop exercises, and ideas that I think are worth sharing.
https://infosec.press/security-through-the-looking-glass/table-top-security-exercises
Feedback is welcome, especially editing. I'm still working on refining my process.
@cure53 When I was working with the IWW-GDC, one of the things that made it possible to bootstrap the Seattle GDC under pressure was the "GDC in a Box." It was a zip-file that had a directory structure, templates, etc. Basically, you unzip, read the README, and go.
I feel like there's room to put together some kind of "Hacker's Guild" to organize something like this. Coming from anarchist organizing, I imagine a very different set of possibilities. Like, what stops us from building a federated worker-owned network of consultancies? The consultancies I worked at tended to be started by people who left consultancies that were good and shifted to profit over people. I left those for a very similar reason. It seems like this is just a pattern that keeps repeating.
I feel a pull to start my own thing, but I don't want to just repeat the pattern. But I've experienced ways of working together outside of capitalism. I can imagine better things, because I've lived them.
I've read up a bit on Cure53, and it seems like they're an example of something different. It's cool to see that working in the wild.
Via some rabbit hole I fell into, I ran across @cure53. Tons of good stuff in their github. Coming from working at a couple of small consultancies, it's cool to see how much is public.
This is just gold for anyone thinking about starting their own:
https://github.com/cure53/Contracts
Every place I've worked has bootstrapped some documentation system or other. I worked at two companies that built their own complex document generation systems (meanwhile, I used org-mode). It would be nice to see more groups working like this.