Writing about Security

As I’ve waded into security research, I’m most struck by how people seem to equate something that is hard with something that must be a good idea.

Very awesome people have already written about how “digital security” and “threat modeling” are weird and off-putting phrases. But threat modeling, whatever you call it, is critically important to any kind of security, so I broke it down into some more common kinds of “threats” for physical security. And made some charts. And checked the expiration dates on the cans in my earthquake kit. Enjoy.


From Medium:

What would completely disrupt your life in a terrible, irreversible way?

I live in an old brick building in Oakland, California, so for me it’s indisputably a block-leveling earthquake. It’s not likely to happen tomorrow, but it’s somewhat likely over the next decade. And there’s very little I can do to prevent it, though there’s a little I can do to prepare for dealing with it after the fact (having a good earthquake kit, learning first aid, making a plan).

I model earthquakes like this:

This is very bad, but there’s not much I can do. I have my earthquake kit, and my partner and I know where we’ll meet if one or both of us isn’t home when it happens. Otherwise, I try to live my life without constant and debilitating anxiety about this awful thing that I can’t control.

Another way my life could be upended would be a terrible bike accident. I ride my bicycle a lot, and Oakland has a few great bike lanes and many terrible drivers. Getting sent to the emergency room by a negligent driver is both bad and fairly likely.

Read on.