The administrative attack surface

A few days after sending an application to the Dutch Ministry of Defence for a senior cyber and information security advisory role, I read an NRC article about publicly accessible details of Dutch military infrastructure. Not leaked documents. Not espionage. Not shadowy dead drops in rainy parking garages. Public websites. Pipeline routes. Radar dependencies. Cable maps. Technical drawings. Backup systems. Segmentation details. Power feeds. Coordinates. Bits of information scattered across agencies, permits, infrastructure registries, environmental datasets and planning portals like breadcrumbs dropped by a committee convinced that nothing bad ever happens in spreadsheets. ...

May 6, 2026 · 5 min

Post-incident reviews that miss the point

This is not incompetence. It is the system behaving exactly as it did before, including in the room where the review takes place. Describing the incident instead of explaining it: Most incident post-mortems or retrospectives reconstruct the sequence of events. What happened, in what order, and what could have been done differently. Useful, but shallow. The more important question is usually skipped: what had to be true about the organisation for this to happen at all? ...

April 7, 2026 · 4 min

Ghost hunting

Most organisations are aware of this. Very few act on it. The result is a detection posture that looks busy, looks measured, and quietly fails in the places that matter. This is where breaches tend to settle in and make themselves comfortable. A library of yesterday’s attacks: Detection engineering is usually reactive. Something happens, a technique is identified, a rule is written. Over time this builds a library of detections that reflects what has already been seen, filtered through whatever incidents and intelligence happened to reach the team. ...

April 5, 2026 · 5 min

The future will surprise us. Be prepared.

When scenario planning practitioners and others speak of “looking forward”, they don’t mean prediction. Forecasting implies we know where we’re going, while scenario planning admits we do not. Looking forward is not clairvoyance, nor is it the worship of trend graphs. It is not about guessing which shiny technology or geopolitical shift will “win”, such as a single renewable technology or control system that will dominate the grid. That kind of forward-looking, the PowerPoint prophecy, breeds false certainty. ...

October 29, 2025 · 4 min

The relational firewall

A developer pushes a feature. Security flags a missing TLS configuration. Operations scrambles to patch the database. Alerts multiply while emails ping insistently and no one knows who owns what. Technical pipelines are fine. The human side stutters. Miscommunication, conflicting priorities, and unspoken assumptions slow down response and occasionally create a small drama worthy of a sitcom. DevOps, Security, and Ops can be aligned by noticing patterns in how teams interact under stress, practising adaptive responses, and embedding relational awareness into everyday workflows. The goal is operational harmony without the motivational poster clichés or mandatory soft-skills seminars. ...

October 21, 2025 · 4 min

Muscle memory for incident stress

Introduction: A SOC alert does not knock politely. It arrives like a crowd of people shouting different instructions in a language only half understood. One alert may say “ransomware detected,” another may flag “unusual login,” and the logs you trust most are blank. Analysts glance at dashboards, shrug, and whisper to each other over Teams while the CISO insists on updates every five minutes. Virginia Satir’s work gives us a lens for understanding this chaos. She mapped how people respond to stress, communicate under pressure, and shape collective outcomes. Her stances, emotional congruence, and relational awareness offer a way to train teams not just to follow procedures, but to survive pressure without fracturing. ...

October 21, 2025 · 4 min

The question now is: what can we do?

The internet is fundamentally broken. The question now is: what can we do? The answer is messy, expensive, and occasionally involves telling very powerful people that their business model is morally questionable. Accepting the obvious: First, acknowledge the unpleasant truth: there is no quick fix. Security is not a feature to be bolted on after launch; it is a mindset, a discipline, and a budget item that competes poorly with shiny new apps and quarterly profits. Anyone promising a “secure internet in six months” is either deluded, lying, or hoping to sell you a consultancy package. Acceptance, at least, costs nothing. ...

October 1, 2025 · 3 min · Nienke Fokma

Why are we not making a defendable internet?

Once upon a time, the internet was described as an “information superhighway”. In truth, it more closely resembles the back alley behind a funfair: noisy, sticky underfoot, and populated by people selling things you probably do not want but will end up buying anyway. It is not defendable in any serious sense, and the extraordinary thing is that everyone knows this but insists on behaving as if surprise breaches and collapses are acts of God rather than consequences of design. ...

October 1, 2025 · 9 min · Nienke Fokma

Defendable Internet?

David Clark remembers the moment the Internet’s Pandora’s box creaked open and said, “Hello, world.” It was 2 November 1988, and the Morris Worm was slithering its way through cyberspace like a python on speed. Designed with the innocence of a curious grad student and the destruction of a cyber sledgehammer, it crashed some 6,000 machines, roughly one-tenth of the Internet at the time. Not bad for an opening act. ...

February 1, 2023 · 4 min