Security by Social Design Thumbnail
Improving Technical Security 22 July 2015

Security by Social Design

By Olaf KolkmanPrincipal - Internet Technology, Policy, and Advocacy

I recently visited Nairobi, Kenya where I took part in the Nairobi Intercommunity 2015 Hub. After the room had filled with paper airplanes ranging from ingenious origami that sliced the air in almost romantic ways to improvised ballistic models we had a small panel discussion on the concept of collaborative security.

In a panel with Peter Muia, Senior System Engineer at KENET, and Tyrus Kamau, Head of Information Security at Airtel Money Africa, we talked about collaborative security. It is in these sorts of discussions where the concept really starts to live.

During the discussion Tyrus described how he experienced the gap between graduates and industry. I believe he used the term ‘dual tragedy’: Industry is not able to fill positions with capable staff while recently graduated ICT-ers are unemployed. That gap between what education offers and what the industry needs is not only a Kenyan challenge. I’ve heard these sounds before also in my home country of the Netherlands and in the United States.

Good IT professionals take the maxim of ‘security by design’ to heart. It is important to consider the security of a system whilst designing it. Bolting on security as an afterthought is not just difficult, sometimes it is a (prohibitively) expensive exercise. While good security specialists have skills that may be hard to acquire (creativity and curiosity), the mindset and methodologies are something that the education system, peers, and mentors can expose you to. Those environments can be created.

Tyrus had done just that: taken the initiative to organize boot camps for groups of students. Expose them to cyber security topics through high-intensity hands-on courses. That resonates with the collaborative security approach. Trust in the Internet can be maintained only by the action of many, and in order to scale that we need to consider security at design. That is not only when we build systems but also when we educate our students. By taking local action (putting your money where your mouth is) and trying to find an approach that has the largest impact (thinking globally) the boot camps can act as a magnifier that results in a generation of security-savvy engineers from which not only Kenyan industry but the whole Internet benefits.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Improving Technical Security 23 October 2019

Securing the Internet: Introducing Oracle Internet Intelligence IXP Filter Check

Oracle is an Organization Member of the Internet Society. We welcome this guest post announcing a new tool that...

Improving Technical Security 4 October 2019

Network Operators in Latin America and the Caribbean Take Steps to Strengthen Routing Security

2019 has been a very good year for the Internet in Latin America and the Caribbean. In May, during...