Siege of InfoSec – The Aftermath

Okay, so when I said I wouldn’t talk about work, that wasn’t entirely true. Sometimes I do stuff at work that I think is cool and interesting. So there!

Short version: As a proof of concept, teaching Information Security through the lens of Medieval castle design is a bloody good idea! Getting more people to rock up may be more of a challenge.

Longer Version:
On Tuesday and Thursday of this week I set up and had a crack at running a new Information Security Awareness event here at the University.
The event was called the Siege of InfoSec. A workshop where participants would map out what data they had and what others had on them and design a castle, taking those defensive elements and seeing how they translate into Information Security.
Despite quite a few people signing up, very few people came….   (Boo! Hiss!)
On the flipside, the people who did come were great. Engaged, talkative and open minded we ran through the exercises and material, had spontaneous side discussions and even ended making connections to Monty Python in the course materials, even before I pulled out the diagrams of Doune Castle.

It is immensely satisfying to get to do things like this and challenge perceptions despite knowing it is an uphill struggle, especially when competing against other events. So while I could moan and gripe I will look to the positives:

  • Explaining defense in depth, static and dynamic anti malware profiling and the difference in behaviours between different malware types works really well using castle design and siege warfare as an analogy.
  • People seemed to like it.
  • Looking at historical castle design and explaining concepts like mantraps, murder holes, and the killing floors really gets peoples’ attention.
I would do it again. In fact, I probably will as part of Information Security Awareness Week in October, but as a shorter event. More presentation than workshop. Watch this space…