Categories
Improving Technical Security Open Internet Standards

Security by Social Design

I recently visited Nairobi, Kenya where I took part in the Nairobi Intercommunity 2015 Hub. After the room had filled with paper airplanes ranging from ingenious origami that sliced the air in almost romantic ways to improvised ballistic models we had a small panel discussion on the concept of collaborative security.

In a panel with Peter Muia, Senior System Engineer at KENET, and Tyrus Kamau, Head of Information Security at Airtel Money Africa, we talked about collaborative security. It is in these sorts of discussions where the concept really starts to live.

During the discussion Tyrus described how he experienced the gap between graduates and industry. I believe he used the term ‘dual tragedy’: Industry is not able to fill positions with capable staff while recently graduated ICT-ers are unemployed. That gap between what education offers and what the industry needs is not only a Kenyan challenge. I’ve heard these sounds before also in my home country of the Netherlands and in the United States.

Good IT professionals take the maxim of ‘security by design’ to heart. It is important to consider the security of a system whilst designing it. Bolting on security as an afterthought is not just difficult, sometimes it is a (prohibitively) expensive exercise. While good security specialists have skills that may be hard to acquire (creativity and curiosity), the mindset and methodologies are something that the education system, peers, and mentors can expose you to. Those environments can be created.

Tyrus had done just that: taken the initiative to organize boot camps for groups of students. Expose them to cyber security topics through high-intensity hands-on courses. That resonates with the collaborative security approach. Trust in the Internet can be maintained only by the action of many, and in order to scale that we need to consider security at design. That is not only when we build systems but also when we educate our students. By taking local action (putting your money where your mouth is) and trying to find an approach that has the largest impact (thinking globally) the boot camps can act as a magnifier that results in a generation of security-savvy engineers from which not only Kenyan industry but the whole Internet benefits.