I’ve done a lot more AWS this week, but it’s all flowed fairly nicely. So you’ll be glad/disappointed to hear that this week it’s back to the everyday.
Work
This week I attended some user research for the first time in a long time, and it reminded me how interesting and valuable it is to actually sit down with people and get a sense of what they do, and what their goals are. I’m thrilled that we’re doing this, and I’m doing my best to tamp down the problem-solving part of my brain – because even when users say they want something, or might prefer it, it doesn’t mean that they actually need it. They may not be able to express what they need yet, not until we put a prototype in front of them and let them poke it a little.
In other work news, I’m continuing to build out infrastructure for the mentoring service. All of it is really good experience for applying to the day job, and I’m learning an absolutely massive amount. I would also like to apologise to my previous senior developer, who expressed…reluctance at engaging with it and learning it all. I understand why now. There is so, so much to learn – not just on the how but also the why and the what. Should developers know about firewalls, infrastructure, IP subnets? These days, maybe yes. But we didn’t have to, and I do feel a little apprehension that we might not all be doing it…perfectly.
This week I wrote a piece of infrastructure that deletes the entire service. You might ask why I’d build a self-destruct button, and my answer to that would be twofold:
- Listen, what self-respecting evil genius doesn’t build a self-destruct button? Actually, do you even need to be evil? I know plenty of geniuses with self-destruct buttons. I know plenty of self-destructive non-geniuses, actually. Maybe we can all think about our own self-destructive tendencies before coming after me, hmm?
- It means I can test the entire service with precisely the infrastructure I’ll be building in production before tearing it down. This gives me fidelity of testing while also reducing costs for the taxpayer.
MiSc
This week we had a tutor hour and someone asked why the concepts of negative and positive security are so named. After all, they pointed out, negative just sounds so…negative.
I…may have gone on a small rant. I might have referenced Kant, and the concepts of positive and negative liberalism, as well as the role of the State. I might have discussed coercive power. I didn’t exactly quote Monty Python and the Holy Grail, but – look, as security professionals, we have the power to coerce colleagues into doing any number of things in the 37 hours a week they’re employed (and indeed, sometimes outwith those hours). Even if it’s not supreme executive power, it should still derive from a mandate from the governed, and we should use those awesome powers to support and empower our colleagues. Not to make them do a silly dance.
Listen — strange women lying in ponds distributing swords is no basis for a system of government. Supreme executive power derives from a mandate from the masses, not from some farcical aquatic ceremony.
Dennis (anarcho-syndicalist peasant)
This week we looked at cyber-resilience, which prompted me to buy a second pair of washing up gloves and reflect on the tension between systems of capital control and profit like Six Sigma, which emphasise absolutely no waste, and resilience and agility, which require huge amounts of redundancy. Trimming every bit of fat in a system enables higher profits but ensures that when a crisis hits, that system will be wiped out. By contrast, a system that has redundancies built in – whether that’s extra fat stores, money that’s in a different account, or database failovers – is much better placed to survive the crisis but may not survive until then. And, what’s more, resilience runs counter to a narrative of individualism. Let me give you my favourite example: a crisis prepper who wears glasses.
Reflect on that for a moment. This is a guy who’s got tinned food. Water. Iodine tablets. Guns – oh, so many guns. And two pairs of glasses at his current prescription.
He’s not resilient. He can’t be. He needs an optician. And the optician, well, the optician has diabetes. So now we need the supply chain that synthesizes insulin and, listen, I scraped a GCSE in chemistry and even I know that stuff is not easy to manufacture.
Resilience, cyber or not (please not, please let’s all agree to stop cybering everything), requires a totally holistic examination of supply chains. That is hard. That is so hard. And it’s so much easier, and more comforting, to climb into our bunker and say: I have food. I have water. I have guns. I have a spare pair of glasses. I’ll be okay.
But I am coming to the conclusion that, as security professionals, we can’t really do that. We can’t clutch our servers and say, But these are secure, if we’re not also making sure that our colleagues are paid enough not to be influenced by bad actors. If we’re not playing an active part in ensuring that our vetting policies don’t force out diverse, innovative thinkers. If we’re not sharing indicators of compromise and threat intelligence with our downstream and upstream partners.
The human body, the space-suit that we wear, is so replete with redundancies. And that’s why it’s so funny to me that some of the folks piloting it evangelise leanness. I’ll believe they believe it when they donate their spare kidney and extraneous liver.