Cyber resilience - nothing to sneeze at

NCSC explains the concept of "cyber resilience" using an analogy to the human body's defences: https://www.ncsc.gov.uk/blog-post/cyber-resilience-nothing-sneeze

I'm not sure how far this analogy stretches - i.e. how do the aims of a cold virus compare to the aims of a typical attacker - but the "Prepare - Absorb - Recover - Adapt" approach feels much more likely to succeed than "Protect Protect Protect...".

The bendy circus performers who help keep watch at a disused Birmingham school

This BBC report on four property guardians learning circus skills, found at https://www.bbc.co.uk/news/resources/idt-sh/balancing_act , was particularly interesting, and it is really impressive how they've approached a difficult economic situation. I'm disappointed that this isn't seen as "adult"-ing, whereas the traits they exhibit ("self-reliance, building networks, learning skills, having fun, financial planning in a difficult environment, thinking unconventionally", as I put it in a tweet) are exactly what adults should aim for IMHO.

Why Diversity Wins

There is a lot of "politics" around diversity, what it means and who it applies to, and everything else that goes with that. I'm mainly interested in the argument put forward in this sub-four-minute video from Everything Is A Remix: https://www.youtube.com/watch?v=4Dn8NuiMADY , namely that diversity gives you a better chance at solving complex problems than if you operate in its absence.

Don’t Leave Hungry! Plan a Full Red Teaming Meal

Another well-put article from Reciprocal Strategies here: https://www.reciprocalstrategies.com/the-full-red-teaming-meal/ . The main takeaway is the distinction between:

  • Gegenspiel, or thinking like an opponent; and
  • Kontraspiel, or thinking like a contrarian or devil’s advocate.

I think Kontraspiel is a really useful approach to adopt when looking at a project, or any significant corporate decision... or decision in life for that matter.

Of course neither matches the current definition of Red Teaming used in penetration testing, which is essentially "goal orientated pentesting, mainly technical, with some social engineering sprinkled on top". And a pentester's Gegenspiel will be thinking like an opponent, rather than thinking like any of the opponents, but that's a discussion for a different time.

You should read the article; I like the use here of "all-role red teaming" to describe what Reciprocal Strategies offer.

I think I'm naturally inclined towards this kind of analysis: focusing on concepts, looking at overall issues, adopting different points of view and exploring them to see where they take me, and where they take whoever I'm working with and working for... and I think this kind of analysis is incredibly useful in all sorts of situations. However, I gather Reciprocal Strategies is having to search for customers, and I'm disappointed to note the Twitter account has 85 followers at the time of writing - considering how smart and how knowledgeable Mark Mateski is, that makes me incredibly wary of trying to turn this idea into a business myself.