This is the title of the presentation that I gave yesterday at the Greek OWASP Chapter meeting which was held at the CoLab. The presentation is based on my experiences in participating in three Cyberdefense exercises and can basically be summarized by the following points:
- Cyberdefense exercises are not a competition. We do not participate to “win”. In fact, if there is any win-lose objective at all, it is a success if we lose: from loss we can learn, and learn a lot.
- Given that there are no actual attacks taking place during the exercises, communication is what we exercise on.
- Cyberdefense exercises are about team formation: the formation of a team out of organizations and individuals who, up to now, were not particularly interested in cooperating, since apart from all being critical infrastructures they share no other common ground.
- According to Tuckman, group development has four stages: forming, storming, norming and performing.
- Due to the fact that with each exercise the number of participants increases, we iterate a lot between forming and storming.
- Parkinson’s Law emerges a lot during storming. Cyberdefense is an enormously complex beast, difficult to grasp, but within it there are tiny bits that everyone understands well enough to consider them the most important part (even more important than the whole picture).
- Building a web of trust among people is the key to everything. Cyberdefense exercises help in developing trust because they bring people together.
- While organizing Cyberdefense (and understanding Cyberoffense) the following model from Best and Luckenbill must be in our minds:
| Form of Organization | Mutual Association | Mutual Participation | Division of Labor | Extended Organization |
|---|---|---|---|---|
| Loners | no | no | no | no |
| Colleagues | yes | no | no | no |
| Peers | yes | yes | no | no |
| Mobs | yes | yes | yes | no |
| Formal Organizations | yes | yes | yes | yes |
Many thanks to @kpapapan for inviting me to give the talk and to the audience for bearing with my rants.