In January there was #enigma2023, one of the most important events for talking about cybersecurity and privacy, with many top experts in the industry
In one of the talks they shared this topic about chat apps, and...
Turns out WhatsApp is more secure than iMessage 🤯!
Saw that #Enigma2023 videos were posted, and I now have an extra 10 tabs open as a watch list
🤷
♾️ + 10 = ♾️
@leak Thank you for live tweeting #Enigma2023
I am still using them for reference!
What a fun coincidence that all three Questioning the Status Quo talks at #enigma2023 featured animals!
I love the Design from the Margins concept that I learned from Sarah Aoun in her #enigma2023 talk on privacy and security of vulnerable populations.
It comes originally from Afsaneh Rigot who defines it as a design methodology for implementing changes to technology products by centering those most marginalized and gravely impacted by design decisions.
A quick note for all the speakers, program committee members, session chairs, & USENIX staff who put #Enigma2023 together over many many months —
The credibility & reputation of Enigma was again strengthened by all the hard work that YOU put into it. I hope you’re all able to enjoy this weekend with less weight on your shoulders. 💕
And to my fearless co-chair @joebeone: I couldn’t have asked for a more brilliant & supportive partner in this climb up Everest. Future shenanigans await! 💛
@shortridge 's talk at #enigma2023 is ridiculously good.
Very glad that @leak is live posting about it! https://hachyderm.io/@leak/109758085369245666
Finishing off #enigma2023 with "The Very Hungry Defender: Metamorphosing Security Decision-Making by Incorporating Opportunity Cost" from Kelly Shortridge, Fastly, Inc.
We’re coming around the home stretch for #enigma2023!
Excited to be part of the sessions this afternoon. 🥳
The slippery slope of cybersecurity analogies
How to avoid misconceptions
* recognize the audience
* refine the message, use other tools in the language toolbox like personal story
* respect your role. we have expertise and need to be careful not to unintentionally reinforce a message we don't want to persist (e.g. "cyber 9/11")
Cybersecurity and legal analogies
Storage systems are not a filing cabinet! Courts have a really hard time telling when the internet is different. For example, is browsing the internet "access" under the law?
Cybersecurity and military analogies
"blast radius" of stealing your password does give a sense of scope to the damage, but it's not like a bomb where it's limited by physical space
Cybersecurity and medical/biological analogies
digital defenses don't behave like biological defenses -- computer "virus" doesn't act like one!
Cybersecurity and physical world analogies
"the weakest link" ... users are targeted, and need more defense, they're not a failure
If you're interested in my talk Myths and Lies in InfoSec, but weren't able to attend #Enigma2023, @leak has a great thread covering the highlights, here:
https://hachyderm.io/@leak/109757884971509292
How do analogies fail?
* Overgeneralize e.g. email as postcard helps explain privacy but misses things important in other contexts
* analogies can mislead e.g. no cyberweapon has done the destruction of a kinetic weapon
* analogies can normalize
Why analogies?
* help people learn
* connect mental models (e.g. "trojan" sounds bad even if people don't remember the details of the horse story)
* explain complex topics (e.g. firewalls stop stuff)