Spaghetti Memoirs

Life Is All About Balance

Spaghetti Memoirs is a blog about my efforts to balance good/healthy foods, great drinks, work and exercise. All the recipes are gluten free and all the cocktails are amazing. 

Crowdsourcing: The Natural Evolution of Consulting

Wrote a blog on Medium recently :)

Working at a crowdsourcing company gets you thinking sometimes. 




So even though crowdsourcing has seemed to take our world by storm, I don’t see it as the ‘hipster’ of business practices that will fade into the sunset. I actually think that by enabling more people to do more things crowdsourcing will not only start to increase the quality of what we consume but will also help us be more efficient consumers and business owners.


Android Priority Interruptions Redesign

The other day I walked into the kitchen to find my boyfriend futzing with his phone. He was obviously irritated so I inquired. His response..

You should fix the UX for this...

And then shoved his Nexus 5 in my face. He was trying to set the priority settings on his phone. I looked at his phone and was equally confused.

The red arrow: All other spots with this typography indicate 'tap and a menu of options will appear.' This one is not clickable. it's just instructions. 

I decided to do a slight redesign of this screen to make it more intuitive and easy to understand. I am not affiliated with nor do I represent Android. I just dig design. :)

Lets do this.

Overall View

1- Enter Settings

In the current design, the menu is called 'interruptions.' This is the first that the term is used at all in reference to priority, texts, calls, events, etc therefore the users I chatted with found it confusing. I decided to change it to "Priority Settings" so that it makes more sense choosing from the "sounds and notifications' menu. I also made the different sections visually distinct. You can set (1) activate priority notifications, you can (2) activate a downtime for notifications, and (3) you can adjust the settings for both. 

2- Activate "Priority Notifications"

Next, I made everything that isn't active light grey. When they become active- by flipping the switch to green- they become darker. 

This menu is just like the current design. As soon as you choose to activate priority settings it asks you for how long. 

When either the priority notifications or notifications downtime are selected the settings then show up. I kept the 'grey = inactive' strategy in here as well. 

3- Modify Settings

Finally, the current design only is restricted in some of it's options. For example, it allows you to set 'accept messages and call from starred contacts' but not 'accept calls from all and messages from starred contacts'. I expanded out the options to where you could choose 'starred' or 'all' notifications for both calls and messages. These options are only made visible when they are activated. 

There you go! Feedback and comments are always welcome! Thanks for coming by.


YogaGlo App Re-Design

A few years ago a friend of mine introduced me to a website called I really dug the ability to choose from 2500+ classes, varying in difficulty and length, to do right in my home. I have since become obsessed with arm balances do to my increased ability to practice. ☺

Regardless of this, I became quite surprised when I investigated the mobile app for YogaGlo and found a completely different UX. Because I like the site so much I wanted to help. So here is my unsolicited redesign of the YogaGlo mobile application. I am in no way affiliated with or represent YogaGlo. Just a UX designer that likes playing around. ☺



Very recently YogaGlo implemented a new categorization strategy for their videos and made this visually salient with a new dashboard and icons to match.

Based on some of the companies literature, they did this to give suggestion and help their users have a more balanced practice.

I need to make sure I make this new categorization evident and salient in my re-design.

In order to understand some user needs, I chatted with some (hanging at a coffee shop) and reviewed the web app reviews, FAQ docs, and video comments. The overwhelming synopsis was that they really like the website experience but that was not what they got with the app.

“I love the ability to filter based on…”
“Where is the search?”
“Oh, I can only see videos that I put on my account from the computer. What if I’m not at my computer?”
“I can’t stream videos?”
“It takes a while to load the video.”

Task Flow

What is it that users should be able to do on the app? For this I made a task flow chart that covered:

(1) Using videos from your dashboard queue

(2) Exploring all the videos (watch and/or add to your queue)

(3) Search and filter for a specific video

For this part of the redesign I will focus on the first and second possibilities.


I started with the dashboard. I wanted to make sure it had the categorization from the website but also had the clean and simple look.

Each square represents the different queues on their dashboard as well as the search function. In addition, you can see how many videos are in each queue (ignore the search one).

At the bottom of the screen users can access their account features. While this is the only place they can access this (the dashboard) they will always be a click away from this screen at all times.

For the class list I talked to users and fond out that the main things they looked at as deciding factors were:

  • Level
  • Duration
  • Instructor
  • Class name
  • Type of yoga (e.g., Hatha)

Users make the up gesture to scroll through the list of videos.



For the mockups I took direction from the site and spelled out yogaglo in full on the dashboard but scrunched it to just ‘glo’ (see class list below) when you navigated away from the dashboard.

For the class list, I wanted to make sure the user knew where they were and where they could go at all times. The icons at the top represent the places they can go (with glo being the dashboard) and the large black icon in the background indicates where they are (this is mind).

For each class, the icon indicates what type it is. While this is redundant for the mind section- since all are mind- this will be paticularly helpful when the user is searching through all the classes.

The color scheme indicated the different types (hatha, vinyasa flow, meditation) and the colors are the same as those from the site. I made them more transparent to give a little more dimension and allow the mind logo to be seen better.

After some testing I took out the ‘details’ option from above and made the side arrow the ‘play’ button. Having the details and play button was far too cluttered and few users said they would use the details for an online app.

Not seen on here: Since all of these videos are in the users queue there is no add symbol. This would be placed in the bottom right corner for all videos not already in a queue.

When a user clicks on the side arrow, the app goes into landscape and displays the video in full screen.

There you have it.

I think that i’ll start to tackle the search options next. Thinking through it already has me asking a lot of questions. Typically search functions are no fun on a mobile device… to battle that…hmm.

Constructive criticism is always welcome.


UX/UI Experiment: Adding 'Share Buttons' To Aviator Template

Recently I went back to the UX/UI basics and started to evaluate my site. More specifically, what were my goals? What were my user goals/needs? How do my goals get achieved when the user gets what they want? One of my big needs was increased sharing of content across all different sites (e.g., Facebook, Pintrest, email). I am currently using the Aviator template from Squarespace and while it is a pretty interface, the sharing features are pretty hidden. 

The icons are very small. They don't have the conventional and easily recognizable symbols -we all know what clicking on the blue 'f' is going to do. The light grey color blends-in not helping it stand out to the reader. Basically, I needed to change it. While I wanted to keep the uncluttered look of the template I needed to remind readers to share what they were reading and make it easy to do so. I looked around and the simplest option I found was through They are a site that provides tools to help with content engagement. Share tools, follow tools, marketing tools, trending content tool, etc. I got the free account and decided to go with the "Sharing Sidebar."

I may decide to change this but I chose the side placement over the buttons within the text for a few reasons:

1- Because of the picture and lack of clutter, it visually breaks up the site and therefore is quickly noticed. 

2- I didn't want the buttons after every blog. I worried that the visual salience would be lost with the repetition. I have not done any field research on that though. 

Anyway, once I got the code I went to settings --> advanced --> code injection.

Excuse the share bar. The screen shots were taken AFTER I successfully inserted the code. 

Then a simple cut and paste of the code I got from addthis. I would give you the code but it is specific to each  persons account. 

Well there you go. Hope it helped! :)


UX/UI Experiment: Interface Design pt 1

The day is here! It's time to actually step out of the abstract of UXD and start making changes to my site! I started to dive into interaction design - defining how the system is going to interact with users behavior- and from there started to make some interface design changes.


Five of the most important principles of interaction design are:

  1. Consistency
  2. Visibility (don't leave discovering content to chance)
  3. Learnability (the interaction must be easy to learn and easy to remember)
  4. Predictable (use previous behaviors and experiences to make it easy on the user)
  5. Provide feedback (the user knows that the system has responded to their actions)  

With this in mind I started to think about how my site was set up and came up with questions. Is it easy to know where you are on the site (e.g., eat, work, drink)? Does the visual layout facilitate people discovering new content? Is the required interaction intuitive or do you find yourself having to search for navigation cues? 

I opened the main site and started asking more questions. 

If you stumbled upon my homepage could you easily navigate to different pages?


Not really. The eye is brought to the center but the navigation is small and on the top left. If you read the site description then visually you are very far away from the different sections of the site. To start to resolve this I did two things. First, I moved the navigation bar to be centered. This means that everything the reader needs is in the same space that they are visually pulled. Next, I put more emphasis on them by increasing the size as well as decreasing the proximity to the middle text. 

It's still a work in progress but it's an improvement. Constructive feedback is always welcome!


Next i'll start to explore how to achieve one of my goals:

Increase shared content.

UX/UI Experiment: Strategy

In the previous blog I explored the user and what they were like. Now that I have that going around in my brain, it's time to start thinking about the strategy of the site/business overall. 

The real test of a UX designer is how well you can align those goals so the business benefits when the user reaches their goal.
— -Joel Marsh The Hipper Element

There is the big question- what are my goals? What do I want to do with Spaghetti Memoirs :)

Using a great exercise from Joe Natoli's course (User Experience Design Fundamentals) I created a list of opportunities and then ranked them on importance and feasibility. 

*Note: The exercise has a few more steps that made sure I didn't list everything under the sun and had restrictions on points allocated to each. This is more of the Cliffs notes. I highly recommend taking his course for the full exercise.*

                                                             Importance          Feasibility

(1) Increase unique visitors            4                          2

(2) Increase shared content           4                          4

(3) Increase content                           4                          5

I noticed that while all of them are important, they vary on how feasible it is for me to control them with UX strategy....I know that I can influence unique visitors with marketing strategy.

This is how I came about with the table....Good content that addresses the users needs will get people interested and help to increase them sharing (Facebook, Pintrest, etc) so I must focus on designing for these two things. I should also keep unique visitors in mind while I design as well to keep this ball rolling.

I do note that these opportunities would obviously change based on the business objectives, the product, the users they are attracting, etc. 


Well that was fun. Back to the books for time we meet i'll start talking about use scenarios. 

The UX/UI Experiment...

...well it's not really an experiment so much as it is a continued-education project. 

Over the holidays I was catching up on my news feed reading and came across The Best User Experience Design Links of 2014 blog by Kenny Chen. Besides providing me with some good company during my morning coffee, it also reminded me of how much I really enjoy UX/UI work. It has research, statistics...

two things I have always loved

...psychology, behavior planning, information architecture, cognitive theory, wireframes, interaction with those creative types and those programming types...

two groups that I jive with well

...not to mention that it is becoming a corner stone of so many businesses these days. Oh my!

In the midst of my excitement I turned to my own blog and realized...wha UX is not..err..up to par. Neither is my grammar but you didn't come here for my writing expertise. So I decied to use this as an opportunity. I'm going to brush up on my UX/UI practice through modification of Spaghetti Memoirs. 

Before we all go off in a rush of excitement and enthusiasm -I know you're excited- there will be highs, lows and maybe even a few unanswered questions. I may even get a little off course but will always find my way back. As I read i'll be sure to include the links I find and the sources that have helped. Since I will be modifying the website as I go through the process those that follow from the beginning will be able to see all the action happening. :)

So here we go...starting from the beginning...lets get our UX/UI on.


Gamification: A How To

The term gamification has been thrown around a lot recently in relation to product engagement, client/user retention, marketing, and even training but what exactly does it mean to 'gamify' something? 

Is it simply sticking badges and progress bars on a product? Giving clients 'points' for completion of tasks? It depends. There are some scenarios that badges, virtual currency, and competition boards are very useful and really facilitate client retention. In other cases that tactic can backfire in a major way causing your clients to feel talked down to and put off by your product/service. So how do you know the difference?

Lets start with talking about an industry that is thriving by literally making their product/platform/service a game: fitness. From apps to devices, the fitness and well-being industry has gone crazy by providing badges for levels of achievement, ways to compete with your friends, mediums to automatically tell others about your progress, and in some cases gain some sort of 'good' in exchange for interacting with the product. This concept has taken off so much that many large organization (e.g., Virgin Airlines) have corporate well-being programs that give employees these devices and provide incentives for activity. The whole point is to make loosing weight, running, counting calories, biking, training, <insert other activities here> a game so that you will do it more.  This is an example where effective use of gamification techniques is literally turning the activity into a game- badges and all. 

The next industry that has really benefited from gamification is child education. From Leap Frog to tablet apps, gamification has revolutionized childhood learning by making kids want the educational product and then creating something that they want to play over and over. Using game-like features and appearance, children are motivated to interact with the product because it is literally a video game. Parents support this because the video game teaches their kids ABC's, 123's, to read, etc. Then from there, the use of badges, new levels, virtual currency and increase difficulty kept the kids coming back for more. For the most effective products, the only reason the child stops playing is because they have moved past that curriculum. 

Lets think about a situation where badges and 'level ups' would not help; frequent flyer programs.  Does this mean you can't employ gamification techniques. Absolutely not. It just means that you have to be more sophisticated. Badges turn into frequent flyer status (e.g., Frequent Flyer status). Coins as a reward turn into 'points' or miles that provide them with access to other wanted resources (e.g., upgrades, club lounges, hotel benefits). By using the concepts of games, and not just game-like features, you still get the same desired outcome- client acquisition, client retention, product engagement, etc.- without talking down to your clients. 

Games have been around since before we can remember and for good reason. They leverage several natural desires we have and encourage us to get involved, push through difficulty, and keep playing. Gamification harnesses those concepts and puts them on their head. If applied correctly you can move mountains. If not researched and applied incorrectly it can ruin a message, product, service, and/or business. 

Content Effectiveness: The Importance of Choosing the Right Team

In a recent chat with a friend the topic of branding and marketing came up in relation to making an effective security awareness program. More specifically, we were discussing what happens to the effectiveness of your content messaging, as well as ability to consistently influence behavior, if the employees creating and implementing the content (a.k.a. your team) don't act in accordance with the message. Long story short, this can be very damaging and ultimately result in decreased effectiveness of your entire content strategy as well as a decreased ability to change user behavior. Regardless of this, the importance of having the right team (and right branding) is not something that is given much attention when building a security awareness architecture. To address this I wanted to post an example that I have actually seen with some clients. :)

The Problem:

An organization has bought brand new content -with a new message- to send to their users to get them to change behavior (e.g., be more secure and/or stop by passing the security controls set in place). After 6+ months their are very minor improvements in some spots but not as much as expected and most behaviors haven't changed at all. Rather than just accepting defeat, the team decides that they are going to reevaluate the situation and customize the off-the-shelf content that they bought. In order to do this they need to research the users, identify the appropriate message, and implement a content strategy that gets better results than they are currently seeing. 

The Research:

To better understand the users, and ultimately create the right content messaging, the team decides to evaluate their security culture by:

1) Identifying the top security priorities within the organization

2) Understanding what message the current content plan is sending out and

3) Finding out why that message is not resonating with the users. 

After some interviews they find out that:

1) Their top priorities are: (1) reporting phishing attacks, (2) unapproved BYOD, and (3) delayed reports of lost or stolen items. 

2) The new content focuses on a 'motivation' message that tells users the dangers of each so that they are motivated to act in a more secure manner. When appropriate the message will also include how the information pertains to securing the users' family as well. 

3) Speaking with the users a completely different story comes out. Users know the dangers of each topic -and use the information at home when applicable- they just don't want to call the IT help desk. It turns out that 5+ years ago it was run by a different program within the organization. Almost every user interviewed states that when they called it took over 30 minutes of their time and always resulted in a rude/irritated tone from the person on the other end. Because of this, users now avoid calling the help desk except in cases of dire emergency. Similarly they tend to ignore any messages sent out or posted to the Help Desk website.

The Appropriate Message:

After talking to users the security team realizes that before they can customize their content they have to address the image -or brand- of their IT Help Desk team. In the past the team in place acted in complete opposition to the desired content message. They were rude, unapproachable and implemented slow processes. Even though the staff has been completely changed, the IT Help Desk 'brand' need to be changed to one of 'approachable, 'helpful,' and 'improved.' Users need to feel like the IT Help Desk is not the same as it was in the past. The staff are approachable for any security questions -not just dire emergencies- and will go above and beyond to help the users understand. Basically, now that the staff is acting in accordance with the desired message, the organizations users need to see that things have changed.

The Content Strategy: 

Change the IT Help Desk Website: The IT Help Desk is large enough that the team has a website where they post their number, pertinent security information and different announcements. In order to indicate "improved" this page needs to change in look at feel. This gives the users a visual indicator that things have changed and that the previous experience may no longer apply.

Lunch and Learns: Set up a series of lunch and learns- about information the users would find interesting/important- and have them run by the help desk team. While this does help get information out there, it also gives each the teams running the lunch and learn a more approachable and knowledgeable image. It's a small intimate setting where questions are safely asked and answered. 


The content strategy implemented was successful in changing the image of the IT Help Desk. Not only are users calling to report phishing attacks and lost/stolen iteams but they are also calling for clarification/information on other new threats. Furthermore, users are digesting the information on the website giving the security awareness team a helpful medium to disseminate new and important information to users. 


What Is Security Awareness?

What exactly is a ‘security awareness team or program?’

What are the necessary skills required? Should they have advanced education in a specific area? Should they be security experts first and foremost? What are the duties performed? Is it about communications? Training? Behavior? Security? What on earth is this? Needless to say this got me thinking; what exactly do I do as a security awareness expert? What characteristics are key to the success of a program? Some say it’s to empower the users to be more secure. Others say it's about increasing awareness of the security risks of their behavior. For me, I think it’s a lot broader than that. It’s all about interacting with humans and transmitting an effective message that will change behavior. Notice I did not specify a ‘security’ message.

Let me explain by outlining what I think are the needed roles for a successful security awareness program/team.


The Communication Expert

One of the bigger parts of changing user behavior is effectively getting your message across. If training is a text heavy slide show with no appeal to motivation or benefit to the user then the message will not get through. Alternatively, if it is all flash and mirrors with no needed content then it’s just as useless. So rather than asking a security/technology expert to suddenly become an expert in communication you need someone that is already that. Who else but marketers? This is a group of people that excel at not only communicating information but doing it in such a way that the viewer is motivated to listen and act. These professionals get the important information and efficiently package it to get the message across. How could you not want them on your team?

The UX/UI Expert

Another important part of effective security awareness is human-computer interaction. The days of in-person training are fading fast with most training being delivered on some sort of e-learning management system. If user experience is not factored in, it won’t matter how effective your messaging/training is if the platform is atrocious to navigate. Again, rather than requiring the security team to become an expert in cognition, HCI, usability, etc., bring in the experts. These guys/girls will be vital to your cause and ensure you don’t have to answer thousands of confused user emails once a year

The Behavior Expert

Security awareness is not just about training material, it’s about changing user behavior. Training is a point of contact for that but in order to enact change year round behavioral content plans need to be in place. Systems of rewards, reminders and motivators need to be enacted to make sure users are secure. While we are all human, and therefore exhibit behaviors, this by no means makes everyone an expert in human behavior. Again, don’t reinvent the wheel and don’t force the security/HR/operations team to become behavioral experts.

The Data/Research Expert

Once the messaging and behavior plans have been created, and the platform is all ironed out, you must –and I say must- implement metrics. If you don’t measure the behaviors you are trying to change how will you ever know your program is working? This is where the data expert comes into play. They set up the appropriate metrics and experiments to see if your messaging –and behavior content plan- is working, how it’s working, and where you can improve. They can also set up systems that predict upward or downward trends in undesired- or desired- behavior. All of this information can be taken back to the rest of the team to help tweak and constantly adapt the program. These guys/girls are vital to everyone’s success.

The Subject Matter Expert(s)

At this point we have effectively made a team that can disseminate any sort of human behavior change required, they just need a topic. Cue the subject matters experts (SME). Need to make training on phishing emails? Get a social engineering SME. What about some role-based training on incident response? Get an IR SME -maybe even reach out to your companies internal IR team. You could even broaden the scope of this team to include product, sales training, management and safety plans. The list is endless. A good group of SMEs enables this team to deliver whatever message is required within the organization.


There you have it. A good security awareness team really isn’t about security. It’s effective messaging and behavior change. The ‘security’ part comes into play when new content/topics are being discovered and a subject matter expert is required. I look forward to the day that this is what comprises an organizations awareness team. I think they would move mountains.


-Thanks Peter Hesse (Gemini Security) for the braining storming session and the great blog that got this conversations started for me. :)


Kathryn Budig: Making Your Passion Your Work and Balancing It All

Almost 5 years ago I saw my first Yoga Glo video with Kathryn Budig. I must admit it was a little different than I had experienced in the past -in a good way of course. She was vibrant, happy, and straight forward. Through the computer she managed to call out your self doubts- something I wasn't used to- and ask you push through them -in a very zen yoga way of course. After my 60 minutes I started looking into her has a person and was hooked from that point on. It was immediately obvious that her 'work' is her passion. Every day is an exciting adventure for her and she looks forward to it. I have been inspired by her from that point on.

hand balance.png

Kathryn Budig is a world traveling yoga instructor that does it all. Retreats, interviews, photo shoots, Yoga Glo, Under Armour, you name it. In addition, she works out-outside of yoga-, sky dives, is a proud owner of three adorable puppies, devoted partner, and healthy cook. Amidst all this and a hectic travel schedule, in every picture and status update I see from her she is always smiling and happy. Even in the face of the periodic cold she has a positive look on life and seems genuinely excited. I wanted to know how. How does she manages to balance everything? How does she maintain a demanding travel schedule and still keep a smile on her face, not get bored with her yoga practice, and connect with friends and family? So I reached out to her. At first I was quite nervous as Kathryn has inspired my yoga practice and life for many years. I also figured that she was just too busy. When would she possibly have time to respond to my email? But she did and once again she inspires (Thank you Kathryn).


-You are super busy traveling and teaching yoga but it's clear that even with all that work you love what you do. How did you manage to turn what you love into your career?

I was lucky enough to grow up with parents that would have never seen me do anything but what I love. They embraced all my whims growing up—wanting to be a naturalist (until I found out I had to deal with bugs, too) a lawyer (my older sister's career), an Olympian, an actress and then finally, a yoga teacher. I love doing yoga but more than that I love spreading the message. It's amazing to see people's eyes light up when the achieve a difficult pose they never thought possible or when that self worth light turns on. I want to empower people, make them more comfortable exactly as they are, and love their lives. Yoga is the perfect vehicle for that.


-Did making yoga your career have any effect on your enjoyment in your personal practice

Oh my goodness, yes! It happens to all teachers at some point. If you eat, breath, live yoga you're bound to get a bit run down on the actual mat. I still love practicing, but not in the way I did when it first came to me. It is a full time job, so I like to explore other venues like pilates, pure barre, hip-hop dance, etc. I find that if I keep it fresh my yoga practice always feels like home when I unroll my mat.


-In addition to yoga, you are a sky diver, puppy owner, explorer, cook, partner, and constantly striving to eat true and love true. What are you secrets of balance through all of those?

My secret? One day at a time. When your plate overflows it's simultaneously amazing and overwhelming. I tackle what I can day by day instead of taking on my entire life in each moment. It allows me to show up, hear what needs to be heard, do what needs to be done and do it to my best abilities. All you can do is show up, do your best and then go to sleep knowing that was a perfect day.

Photo by Stark Photography 

Photo by Stark Photography 


-What are some of your bigger challenges/obstacles you face to maintain balance in your life?

The travel is a constant challenge. My immune system and sinuses are always angry and weak. I work with an acupuncturist and holistic practitioner to keep myself in the best condition possible. It's also difficult leaving home on a regular basis. My family, dogs, and friends are my heartbeat. I'm trying to make my trips less frequent and shorter so I can be home. It's my recharge button and I do my best to drop my teacher hat and just be me. I love that.

Biomimicry and the Security Industry

This is something I have been thinking about/working on. It's still a work in progress so there are still questions left unanswered. I'd love any feedback, input that you have while reading it.



Biomimicry in Security

In nature the only organisms that survive –plant and animal alike- are those that are able to do two things. First, they must adapt to evade their attackers. Some do this with increased speed through aerodynamics, some develop coloring that camouflages them into their surroundings. Second, an organism must become efficient at obtaining the resources they need to survive. A great example of this is the King Fisher. This is a bird that has adapted over time to dive from the air into water without a splash so that it doesn’t obstruct its view of the fish in the water. This makes each dive more efficient at acquiring food. If either attackers or resources are ignored, and an organism fails to adapt, eventually the individual- and possibly the species- will die off. This same model of adaptation seen in nature can and should be applied to security in order to create effective and efficient programs. By viewing a program as an organism that has to adapt to attackers and efficiently get its resources you can create a program that will survive consistently changing parameters.

Attackers and Resources

In order to effectively adapt/prepare for attackers you need to define what or who your attacker(s) is(are). The security industry has a very attacker oriented mindset therefore it is usually easy to define across different programs. In security awareness, for example, the attackers are social engineers that target users. Even though I have narrowed down the attacker to one group in each example I recognize it is not always this simple. In nature, organisms do not have a single attacker they are protecting against but instead fall prey to a wide variety of dangers. Instead of running ragged by adapting to all of them an organism focuses on the main ones that provide the most danger to their survival. The same should occur when applying this to security. Find your main attacker(s) and begin by focusing on adapting to them rather than all possibilities.

Defining required resources can be much more difficult. If you asked someone in an IT department what their required resource was to survive the answer would probably depend on what their job function was. If you go high enough up in the organization, you might even hear that the whole purpose is to make the company money, therefore, the required resource for an IT groups’ survival is money. This is where defining resources can get tricky. While the ultimate goal of every system in a business is the sustainability of the enterprise as a whole, your goal, as well as required resources within security has to be specific to your program. The goal of a pride of lions is to perpetuate the species therefore they need the appropriate balance of males and females, as well as enough food and water to keep the pride alive. On the other hand the goals and required resources of each individual lion is different. A mother lioness’ main required resource is food for her young -which easily parallels the goal of the overall pride- while an alpha male may kill another lions cubs to ensure that only his genes are passed on possibly hurting the longevity of the pride if he can not produce viable male offspring. In this case the goal of the overall group is not the same as the individual. Another reason that defining ‘required resource’ can be so tricky is because many security programs have not traditionally focused on this area but instead put all efforts in fighting attackers. For example, what is the required resource that a security awareness program needs to survive? Is it money? People? Time? I have thought about this for a while and am not totally sure. 

While challenges do exist in defining ‘attackers’ and ‘resources’ once you have been able to identify each then you can start to evaluate how your program is currently adapting to each. As long as you create a program that is constantly addressing these two things your chances of survival- reaching your security objectives- are significantly higher.

<a href="">Follow my blog with Bloglovin</a>