Magic Houses, Magic Swords, and Santa Claus - Crimbo Limbo 2021

Edited highlights from my previous week: I finished Passenger to Frankfurt by Agatha Christie, a surprise “Jolabokaflod” present. I wrote up my thoughts here; it was a weird and entertaining ride of a book. Appropriately for the time of year, I finally watched some more MST3K by viewing their interpretation of The Christmas That Almost Wasn't. As Twelfth Night has only just passed I think, do take a look if you want a seasonal introduction to the, er, oeuvre/method of MST3K and RiffTrax… “It’s like watching a movie with your funniest friends!”. ...

January 5, 2022 · 2 min · 237 words · Nick Drage

Losing, squeezing, bending.

My previous week: Teams and teamwork was a bit of a theme last week… this week, due to NFL scheduling shenanigans, the team I follow played twice in the same week. The Seattle Seahawks lost both games, taking them out of playoff contention for the first time since I started following them again “full time” back in 2012. It’s been interesting to dip into “Seahawks Twitter” and similar commentary while analysts hypothesise as to why the team is so bad this year; especially to see in another arena how several smart people I trust all have different but well supported opinions. Personally experiencing poor service from several suppliers, and the same at work but from customers. Nothing really to be done about it, it just seems unnecessary and doesn’t benefit anyone involved - I mention it here because that kind of unnecessary friction in life wears me down more than I feel it should, but I don’t know what to do about that. Not much else due to Christmas… which I enjoyed. Thanks to Santa, for dealing with the above friction, I now have access to a Giant Stress Brain. I watched the live action version of The Last Airbender, having finished the excellent Nickelodeon cartoon series earlier in the year. And also because I’ve a definite interest in bad films. I found the film interestingly awful on how it just didn’t work and why - I think there were poor choices all around in plot and pacing and direction and dialogue… I don’t think I know enough to comment on sound design or cinematography. But most notably, the key capability of element bending in the cartoon was astoundingly badly handled in the film… in the cartoon it just worked, in live action the actors would perform a tai chi like set of moves, and there would be element bending happening, but the connection between the two only worked a couple of times throughout the entire movie. They’re not videos I’ve watched myself, but if you want to see it dissected I trust Hello Future Me to do so by reputation alone. 
earth bending... apparently

December 29, 2021 · 2 min · 355 words · Nick Drage

Team sports as an emerging theme...

My previous week: Looking back on the previous week, I only realised that “playing as a team” was a common thread through the most significant and/or interesting events when I was putting together this weeknote. I watched a presentation by CrowdSec, a “free and open-source collaborative IPS”. I need to experiment with the software, but I was impressed by the team behind it, and their approach to making something like this work while also keeping one eye on the business model. I’d be interested to hear from anyone using it, or with strong experience in how well crowd sourced threat intelligence works out. I took part in a couple of playtests of the Minimator game - operated as part of the work of the Research Institute of Sweden. This is a well put together game, probably aimed at policymakers, to explain basic concepts in how cyber defence and zero day markets work. There’s a lot of work gone into the game, and still a lot to do; but there’s definitely something in this and I’m optimistic about what the project will achieve in future. I was a sounding board for someone working through their career options, and they highlighted how much leading and being part of a team meant to them. I realise that aspect of work probably means more to me than I expected, my involvement in PlaySecure being the most obvious… but increasingly I find myself pushing to work with others before I’ve a fully formed idea. This has led to some promising concepts, but there’s also been many times that hasn’t worked at all after auspicious starts. At some point, but only after something has paid off, I should work out my “completion percentage” on ideas. Separate from that team based theme though, I watched Vivo; a delightful film, well paced, engaging, suitable for children if you’re up for “adult themes” and some definite peril.
Not quite at the level of Hamilton... but still... definite peril...

December 23, 2021 · 2 min · 329 words · Nick Drage

Lies and Circuses

My previous week: Various tribulations with online stores. Maybe I’m getting old and weary, but it seems harder and harder to just pay for something and then get what you paid for; or to trust any of the online review sites, which are obviously being gamed. I attended the National Cyber Deception Laboratory’s symposium. This was a good day, with some useful and quotable points of view - I expect to blog some summaries of different presentations as they go online. I’ve always been puzzled and frustrated why cyber security, as an industry, doesn’t engage with deception more; hopefully this event is the sign of a change in approach. I attended, and kind of helped run, and spoke at, the Enterprise Circus, which operated under the PlaySecure brand. This was a lot of fun, and I think like the main event back in March 2021, it got a few people thinking something new. As always the aim is to just try something a little different, rather than just being yet another conference saying the same thing.
A different approach to video call backgrounds

December 16, 2021 · 1 min · 182 words · Nick Drage

The future of trucks, and of photography.

My previous week: I attended a really interesting critical thinking exercise by Sara Penrose Optimisation Training. Myself and several others just brainstormed through how to design a driver’s cab for a truck. The ideas went in all sorts of directions, and it was really illuminating to see how creative people could be given the time and space to work together, and also how that innovation was down to process rather than some kind of innate quality. I learnt a lot, and was struck by how much “path dependence” there is in the design of truck controls - from the steering wheel to the gears to the pedals all being based on outmoded mechanical systems, to “paperwork” still being made of paper. I stepped back from a few things, trying to catch up on a lot of older email and other messages, while also implementing systems that make it easier to filter out the signal from the noise in future. I think I had some success, but also this is a process I’ve been trying to do for years and years. Spent an enjoyable evening just playing Animal Crossing and realised it’s one of the few things I do that I don’t try and turn into something productive. Having turned many of my interests into presentations, and with an increasing interest in the commercial production of game-based exercises, this is one thing I just do. Making the most of the new tripod mode I developed an innovative photography style in the game which… well… it makes me laugh.
Mostly my massive head
A new contact got in touch to discuss some business ideas. This is particularly promising, but often I make contact with similar “ideas people” who are “time poor” and so our conversations are interesting but not profitable. We’ll see… I helped someone think through their career options, I think mainly by just giving them space to think, and helping them apply their consulting skills to their own situation. I’m more the catalyst than the reagent.
Another interest that I’ve turned into a presentation… the Seattle Seahawks had the Seahawkiest of games so far this season, “sloppy but thrilling”.

December 8, 2021 · 2 min · 359 words · Nick Drage

The Cult of the Inventor

Three episodes of the WB40 podcast to listen to if you’re into Cyber Security: Episode 209 - if you’re part of The Great Resignation, or considering moving out of cyber security, or coming in, it’s worth listening to the hosts and Lee Cox thinking through this kind of career change. Although not directly related to cyber I’d expect you to find the decision process, and the successes and failures, very relevant; as well as the importance of an ability to learn, rather than being a life-long subject matter expert in just one area; as well as the importance of transferable skills… as well as the lack of innovation from employers… and and and… convinced yet? Go listen. ...

December 3, 2021 · 2 min · 396 words · Nick Drage

Games, circuses, CISOs, and anti-submarine warfare.

My previous week: Provided some feedback for a game/exercise design, which was enlightening because it’s rare that I’m in that situation, rather than being part of the design or operational team. Some thinking around the forthcoming Enterprise Circus. I’ve some trepidation about whether we can make the Circus metaphor work, but I think that is what makes this event worth doing. As per our “pitch”, written by Phelim Rowe, using this metaphor is an “engaging prism”, which I hope will spark some new ideas. I enjoyed attending Level Up: Gamification as an innovative tool for public service design; this was particularly enjoyable due to the talent and experience on display - I essentially watched three people build a pitchable business idea in a little over half an hour. There’s some really interesting things happening in game-based methods right now. I was on a panel at the CISO Ensemble, and ran a panel as well. Running the panel was particularly difficult and enjoyable, great to get a range of views, and to figure out on the fly how to give everyone a chance to speak, forewarn them when they were “up”, while paying enough attention to the conversation. On that particularly busy day I also attended Cardstock; very useful, very interesting, I came out of it with lots of ideas and a connection or two. One thing that particularly struck me, it might be observation bias, but for a generally skeptic-minded person like me, some of the greatest insights and mental leaps seemed to come from those with the greatest affinity to “magical” concepts such as astrology and tarot. Something to ponder. I finally made time to watch the Georgetown University Wargaming Society’s recording on WATU, presented by Sally Davis of DSTL. Good points well made, and also packed with useful academic references to strength through diversity. And I continue to play fantasy football, which I find such an interesting way to follow the NFL.
For me in particular it brings home just how big a part injuries play in the game, and the operation of the teams.
A team figuring out CISO as a Team at the CISO Ensemble event

December 2, 2021 · 2 min · 358 words · Nick Drage

Quiet.

My previous week: Thinking through different and underused game formats: board games that support simultaneous or asynchronous movement, where a wall-mounted magnetic board would make “Play By Video” easy, and so on. A great chat with someone looking to use me as a cyber security associate, who asked all the right questions… such as “what are you interested in?” rather than “what do you have five years’ experience in?”. Other useful conversations about forthcoming projects and events, or working on existing ideas. Some “cyber security strategy” work, just helping someone think through their security roadmap and highlighting what they might have missed, or giving them a chance to explain their choices out loud to me before they face their stakeholders. And as always, I’m finding it useful to write up these weeknotes.
I just wanted a free Pixabay graphic about studying or thinking... but now I have to know why she's studying on a roof...

November 25, 2021 · 1 min · 155 words · Nick Drage

A good week for games... well, mostly...

My previous week: I was kind of thrown into the role of Game Control for an online playtest - which I found a little stressful, but illuminating and useful as well. Lots to think about, especially running other people’s game designs. A really useful conversation on how to make money out of game design. I’ve been put off the idea because so many game designers make a point of explaining that it’s not well paid, but as always I’m trying to find a different angle. The online services provider for my work went down temporarily. While there was really no harm done, and I was kind of covered, I was reminded that we all need to test all fallback procedures in advance. I was reminded of this recent post on hybrid gaming when your Internet connection goes down. Inspired by this tweet I’ve been thinking of how to design Play By Video games, both as the desired format for the game, and as a way to playtest them. It’s a particularly difficult design problem for anything beyond a simple game like chess because the players have to trust each other with anything hidden or shared… lots to think about. Also I don’t have the space to leave these kinds of games out, but I’ve ideas around that too. I was the remote adversary for the Ransomware workshop at BSides London. The event went well, I’ve received some good feedback, so I’m looking forward to where we go with the idea in future. Also I’m looking forward to seeing the recording of the presentation my rookie presenter mentee put together, a cross reference of penetration testing and Persona 5. We watched Shang-Chi and the Legend of the Ten Rings; in some ways not a typical Marvel film, and the better for that. We also watched Red Notice and, as many have said - an unsurprising film by numbers. It works as an “enjoyable romp” if you’re drinking, or not particularly awake. And lastly, with the unscripted excitement of a game but the budget of a movie comes watching the Seattle Seahawks.
After navigating poorly described and outdated contractual restrictions I managed to get access to the game… was it worth that level of effort? Every week Lee Sharpe creates these great gifs, that map each team’s Win Probability as the game progressed, which give you a really great idea on the flow of the game. You can figure out the flow of this one pretty easily…
So little time on the Seahawks' side of that 50% chance line...

November 17, 2021 · 3 min · 428 words · Nick Drage

Cops and Robbers

Last Week: A very thought provoking conversation with a former Police officer about innovative tactics to use against organised crime. A useful conversation with someone in a similar position to me, a square peg looking at round holes, and the attitude required for that kind of situation. While there’s a lot of nuance required, “keep going” is an effective summary. Providing training on assessing and using penetration testing results, it was interesting to see how much I still know - and how far some aspects of the practice have gone, and how many haven’t changed in the last decade. Finishing off plans for the Ransomware workshop I’m helping run at BSides London, I’m very much in the “sidekick” role, helping James Bore think through the idea, and he’ll be onsite on the day.

November 9, 2021 · 1 min · 133 words · Nick Drage