Disaster preparedness for security professionals

Five questions for Desiree Matel-Anderson: Insights on FIT’s three-step methodology for maneuvering through cybersecurity emergencies.

By Courtney Allen and Desiree Matel-Anderson
November 1, 2016
Thunder cloud Thunder cloud (source: ljvdbos0 via Pixabay)

I recently sat down with Desiree Matel-Anderson, chief wrangler of the Field Innovation Team (FIT) and CEO of the Global Disaster Innovation Group, to discuss designing in the security world with strengthened collaboration during a data breach. Here are some highlights from our talk.

1. As chief wrangler at FIT, a nonprofit focused on disaster preparedness and crisis, you see how many different groups respond to crises. What are some patterns you see in groups that successfully maneuver through emergency situations?

The patterns of a successful emergency response are clear communication and collaboration fostered through simple design frameworks (i.e., using design as the method of problem solving). An example of this is FIT’s three-step prep design process, which is composed of this basic approach:

Learn faster. Dig deeper. See farther.

Join the O'Reilly online learning platform. Get a free trial today and find answers on the fly, or master something new and useful.

Learn more
  • Begin with a narrative of who and what you are solving for.
  • Sculpt a focused challenge statement through our reframing exercise.
  • Build out one concept to prototype.

You begin the process with situational awareness of a cybersecurity breach to emphasize the importance of defining the environment, discussing with a team, and then laying out the details before jumping to conclusions. Next, you build on a challenge statement defining very specifically (a) who and what populations you are planning for, (b) which focused issue you will address, (c) and why this narrowed target is needed or important. Finally, you ideate and prototype in order to start brainstorming ideas for the security breach. This is an opportunity to come up with the wildest and most creative ideas possible, then ground your ideas back to reality by creating a physical representation using the resources around you. Teams are then formed to present the ideas to others to ensure that the logic behind the ideas is clear to those outside the group.

2. How would FIT’s three-step methodology to solve problems in crisis situations apply to a security breach?

Our three-step prep design process can be utilized in any crisis situation. I’ll actually be leading our very first simulated hack at the O’Reilly Security Conference in Amsterdam. Participants will be interacting with fellow security professionals to practice design thinking and learn how these concepts can best be applied during a cybersecurity breach. The aim is better on-your-feet problem solving and rapid response during a security emergency.

3. What are the benefits of utilizing emergency management language in the case of a security breach?

Collaboration is a pattern in emergency response that is paramount in all situations, including a security breach. It is essential that we all learn each other’s languages and understand the systems of our partners, which includes security professionals having a foundation of the language and structure of emergency management to support rapid response.

4. What principles define design-thinking methodology, and how do those principles apply to security?

Design-thinking methodology is all about the end-user driving us towards empathy and placing ourselves in the shoes of the person impacted. By putting together creative solutions that drive impact for the end-user in the security field and/or any situation where challenges arise, you will have the three-step prep framework as a tool to build progressive solutions that you would not have believed possible and further drive an understanding of the cyber world around us and/or the other challenges we may face in our day-to-day activities.

5. As you mentioned, you’re leading an interactive exercise on designing for cyber-security solutions at the O’Reilly Security Conference in Amsterdam this November. What presentations are you looking forward to attending while there?

The presentations I am looking forward to attending are Google’s Allison Miller who has expertise in designing and implementing real-time risk prevention systems at Internet scale, and O’Reilly’s Courtney Nash who has a background in neuroscience and has focused on examining the way our brains interact with technology. Both of these women have fascinating backgrounds and a plethora of experience. I can’t wait to see them live!

Post topics: Security