Projects

Services

It all depends: On who the adversaries are, on the context, on what information needs protecting, on the assets (networks, software, data and information systems, development environments), on what is considered in scope and what not, and on the people using the system (i.e. the individuals working with the definition, implementation and maintenance of security policies), and whether lives depend on it or not. A few examples:

  • The design of digital defence for (W)HRD, Land, Nature and Earth rights defender cases is hard. Beneficiaries are often highly vulnerable, with critical security and protection needs that complicate any kind of support. The power dynamics between marginalised people(s) and the organisations serving them can complicate matters further. Not to mention cultural differences, often with a historical record of colonisation. And low levels of technology adoption and digital literacy mean that in many such contexts it can deepen dependencies on any support system. As with systems thinking, I have adopted and adapted red teaming to colourful teaming which includes a few overlooked directions.
  • Threat modelling is a process by which potential threats can be identified, enumerated, and prioritised – from a hypothetical attacker's point of view. With a systematic analysis of the probable attacker's profile, the most likely attack vectors, and assets most desired by an attacker, defenders can focus on what is most important to protect.
  • System audits, for example for the low hanging fruit in vulnerable endpoints, with suggestions for security improvements.
  • And system administration itself for, for example, locking down (development) environments.
  • The confluence of surveillance and censorship, tight(er) regulations such as the GDPR, and lack of knowledge in using existing “free technologies” which improve privacy, security and quality of internet research for a specific context, its people and purposes, is undercutting NGO's effectiveness. Meanwhile, the data-mining and privacy and security business is booming and the siren song of certainty tempts people into wasteful spending and poorly informed decision-making, that is, if they even have such money to spend.

Systems thinking is more than just a handy collection of tools and methods to explore complex systems with – it is also an underlying philosophy, an awareness of the role of structure in creating what we face, of powerful patterns operating on us, and of consequences of our actions. I use (adapted) systems thinking to include that which can not be measured and then often gets overlooked:

  • Systems thinking can aid awareness of and finding ways out of circular reasoning and (group think or individual) bubbles.
  • It can be strategically applied for sensing more, and guarding minds with critical thinking for the common moves, opening space for discovering new moves.
  • Decision analysis the Satir way, has proven practical in tackling even the most complex problems, making it easy to compare (the possible effects) of decision alternatives.
  • Retrospectives are useful for learning to learn without making mistakes: That is, to be willing to make mistakes (not always playing safe), to not repeat the same mistake over and over again, to learn from the mistakes others make, and to learn from the mistakes of our teachers/mentors/coaches.
  • Open Space is a known technology for making waves, raising awareness, and grounding further privacy and security work.
  • So do custom made workshops with fun role-play and other exercises that bring a message home. Role-plays can be used to make visible what the left hemisphere would like to ignore, and can improve congruence and balance of a system.

Contact me for more information.