Marinus J. Kuivenhoven
Edzo A. Botjes
62nd ESReDA Seminar On
Managing the unexpected:
designing systems to embrace disorder
for increasing asset reliability
2023 04 12 @ UTwente
Embrace
Chaos &
Antifragility
Security
Security
2023-04 Embrace chaos & Antifragility
Who are we
GOAL
Content
Appendix
SECURITY
A definition of security by Bruce Schneier
Reality
Feeling
Secure
in-Secure
Bruce Schneier: The security mirage - https://www.ted.com/talks/bruce_schneier_the_security_mirage
Flaws and bugs
“Bugs are simple mistakes in code leading to problems like buffer overflows;
flaws are mistakes in design. It turns out that a lot of software is flawed.
In fact, if you step back and look at a multitude of security problems over time, you'll find that about 50% of them are due to bugs and 50% due to flaws.”
Functional
request
Technical
implementation
flaw
bug
security
Gary McGraw - https://linuxsecurity.com/features/an-interview-with-gary-mcgraw-co-author-of-exploiting-software-how-to-break-code
Perspective and information
https://twitter.com/DrNeenaJha/status/1338105837684977664
Perspective and information
https://twitter.com/TanMohammedMD/status/1337865483446587392
Perspective and information
https://en.wikipedia.org/wiki/Rabbit%E2%80%93duck_illusion
https://scitechconnect.elsevier.com/lessons-from-the-dress-the-fundamental-ambiguity-of-visual-perception
Perception and information
Reflections and information
https://twitter.com/NicoleBeckwith/status/1277236284470280195/photo/1
Reflections and information
https://writing.exchange/@XanIndigo/109966588561594572
the colors in the rectangles are the same
https://writing.exchange/@XanIndigo/109966588561594572
Visualisation and information
https://twitter.com/jimhejl/status/1452814882701824001
https://twitter.com/AkiyoshiKitaoka/status/1568102162064113669
https://www.ritsumei.ac.jp/~akitaoka/index-e.html
https://www.ritsumei.ac.jp/~akitaoka/index-e.html
Rotating Snakes
https://www.linkedin.com/posts/rafaelgiraldotenorio_entarch-activity-6681201385402376192-4MNK
CONNECTIONS
Connections lead to chaos
1
2
Double Pendulum
https://en.wikipedia.org/wiki/Double_pendulum
Botjes, Edzo. (2020). Defining Antifragility and the application on Organisation Design (1.0) [Zenodo]. https://doi.org/10.5281/zenodo.3719389
Innovation drives new connections
Huber, D., Kaufmann, H., and Steinmann, M. (2017). Innovation: An Abiding Enigma, pages 11–19. Springer International Publishing, Cham. https://books.google.nl/books?id=rzckDwAAQBAJ
Nonlinear dynamical systems
https://www.linkedin.com/posts/complexity-academy_complexitytheory-activity-6625721108249354241-MsJi
https://commons.wikimedia.org/wiki/File:CMB_universe_expansion.png
CHAOS
The two faces of chaos
Whether a situation is chaotic depends on the perspective of the observer; this is the subjective part of chaos.
1
2
Double Pendulum
If a situation contains more than a certain number of connections, it is impossible to predict the future; this is the objective part of chaos.
https://en.wikipedia.org/wiki/Double_pendulum
https://en.wikipedia.org/wiki/Rabbit%E2%80%93duck_illusion
https://www.linkedin.com/posts/rafaelgiraldotenorio_entarch-activity-6681201385402376192-4MNK
https://www.linkedin.com/posts/complexity-academy_complexitytheory-activity-6625721108249354241-MsJi
The continuous security challenge
Reality
Feeling
Secure
in-Secure
Increasing subjective chaos
Increasing objective chaos
MSc thesis: https://zenodo.org/record/3719389 // IEEE article: https://www.researchgate.net/publication/354321606 // Security: https://www.ted.com/talks/bruce_schneier_the_security_mirage
VARIETY AND SECURITY
Law of Requisite Variety
Variety is the number of possible states of whatever it is whose complexity we want to measure - Beer, 1979
‘variety absorbs variety’ - Beer, 1979
Attenuate Variety
Amplify Variety
‘variety can destroy variety’ - Ashby, 1956
Ashby, W. R. (1958). Requisite variety and its implications for the control of complex systems. Cybernetica, 1(2):83–99.
Beer, S. (1979). The heart of enterprise: the managerial cybernetics of organization, volume 2 of Managerial cybernetics of organization. John Wiley & Sons, Chichester, West Sussex, UK
Increasing chaos equals increasing variety.
Dealing with chaos equals dealing with variety.
Security - The power of the many
also called ‘variety can destroy variety’.
http://web.archive.org/web/20220226145643/http://ars.userfriendly.org/cartoons/?id=20021110
Security - The human variety
also called ‘variety can destroy variety’.
https://twitter.com/TheRealSpaf/status/1401555550480080901/photo/1
https://cloudsecurityalliance.org/artifacts/state-of-cloud-security-risk-compliance
ANTIFRAGILITY & RESILIENCE
Fragile has a mirror, anti-fragile
Taleb, N. N. (2012). Antifragile: Things that gain from disorder (Vol. 3). Random House Trade Paperbacks.
How to become antifragile?
Amplify Variety
202210 | © CC BY-SA 4.0
https://doi.org/10.5281/zenodo.3719388
also called ‘variety can destroy variety’.
First resilience.
Ashby, W. R. (1958). Requisite variety and its implications for the control of complex systems. Cybernetica, 1(2):83–99.
Beer, S. (1979). The heart of enterprise: the managerial cybernetics of organization, volume 2 of Managerial cybernetics of organization. John Wiley & Sons, Chichester, West Sussex, UK
Resilience is about bouncing back
Three types of resilience
Martin-Breen, P. and Anderies, J. M. (2011). The bellagio initiative, background paper, resilience: A literature review. In Resilience: A Literature Review, Brighton:IDS. http://opendocs.ids.ac.uk/opendocs/handle/123456789/3692.
Taleb, N. N. (2012). Antifragile: Things that gain from disorder (Vol. 3). Random House Trade Paperbacks.
Botjes, Edzo. (2020). Defining Antifragility and the application on Organisation Design (1.0) [Zenodo]. https://doi.org/10.5281/zenodo.3719389
Three types of resilience
construction stays the same, functionality stays the same
construction changes, functionality stays the same
construction changes, functionality changes
Martin-Breen and Anderies (2011), Taleb (2012), Botjes et al. (2021)
How does it fit?
Taleb, N. N. (2012). Antifragile: Things that gain from disorder (Vol. 3). Random House Trade Paperbacks.
How does it fit?
Martin-Breen and Anderies (2011), Taleb (2012), Botjes et al. (2021)
Resilience => Antifragility
Impertinent
Recover
Adapt
Martin-Breen, P. and Anderies, J. M. (2011). The bellagio initiative, background paper, resilience: A literature review. In Resilience: A Literature Review, Brighton:IDS. http://opendocs.ids.ac.uk/opendocs/handle/123456789/3692.
Taleb, N. N. (2012). Antifragile: Things that gain from disorder (Vol. 3). Random House Trade Paperbacks.
Botjes, Edzo. (2020). Defining Antifragility and the application on Organisation Design (1.0) [Zenodo]. https://doi.org/10.5281/zenodo.3719389
EXTENDED ANTIFRAGILITY ATTRIBUTE LIST
Resilient/ Antifragile organisation design
Learning Organization
E. Botjes, M. van den Berg, B. van Gils and H. Mulder, "Attributes relevant to antifragile organizations," 2021 IEEE 23rd Conference on Business Informatics (CBI), Bolzano, Italy, 2021, pp. 62-71, doi: 10.1109/CBI52690.2021.00017.
Attenuate Variety
Amplify Variety
Resilient/ Antifragile organisation design
Learning Organization
Personal mastery, Shared mental models, Building shared vision,
Team learning, Systems thinking.
Botjes, Edzo. (2020). Defining Antifragility and the application on Organisation Design (1.0) [Zenodo]. https://doi.org/10.5281/zenodo.3719389
Attenuate Variety
Amplify Variety
Top-down C&C
Micro-management
Redundancy
Modularity
Loosely coupled
Diversity
Non-monotonicity
Emergence
Self-organization
Insert low-level stress
Network-connections
Fail Fast
Resources to invest
Seneca’s barbell
Insert randomness
Reduce naive intervention
Skin in the game
https://pbs.twimg.com/media/C-QXz4BXsAAArh0?format=jpg&name=small
BREAK
UNKNOWN UNKNOWN & MENTAL MODELS
What is security?
Reality
Feeling
Security
What causes uncertainty?
Design
Describe
Develop
Determine
Deploy
Do-it-again / Deprecate
Desire
Assumptions
Ambiguous
Resources
Unclear
Skills
Means
Risks
Feasible
Did the T-Rex walk over air? How could we fix this?
Secure Development Lifecycle
Requirements
Use Cases
Security Requirements
Abuse Cases
Architecture
Design
Threat Model
Flaw Analysis
Test plans
Plan Security Test
Code
Static Code Review
Test results
Clearance Advice
Application
Security Assessment
Feedback
Continuity Plan
Desire
The basics of Threat Modelling
Asset: Valuable resource
Vulnerability: Exploitable weakness
Threat agent: Causes harm
Risk: Potential harm occurring
?
Countermeasure: Reduces risk
“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.”
Bruce Schneier, Secrets and Lies, 2007
THREAT MODELS
Threat Model Process
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
Threat Model Model
https://xebia.com/blog/threat-modeling-without-a-diagram/
Data Flow Diagram
https://learn.microsoft.com/en-us/windows-hardware/drivers/driversecurity/threat-modeling-for-drivers
STRIDE
https://developer.ibm.com/articles/threat-modeling-microservices-openshift-4/
USE CASE vs ABUSE CASE
LEARNING ORGANIZATION AND PERSONAL ACTION
Learning model of Senge and Hestenes
Mental Model
Building shared vision
Personal Mastery
Team Learning
Systems Thinking
I
III
II
IV
V
Senge, P. M. (1990). The Fifth Discipline: The Art and Practice of the Learning organisation. A Currency book. Doubleday/Currency, New York, NY, USA. http://www.worldcat.org/oclc/815873729.
Hestenes, D. (2010). Modeling theory for math and science education. In Modeling students’ mathematical modeling competencies, pages 13–41. Springer.
Systems Thinking
Mental Model
Building shared vision
Personal Mastery
Team Learning
Systems Thinking
Behavior
Reality
I
III
II
IV
V
!
Senge, P. M. (1990). The Fifth Discipline: The Art and Practice of the Learning organisation. A Currency book. Doubleday/Currency, New York, NY, USA.
Hestenes, D. (2010). Modeling theory for math and science education. In Modeling students’ mathematical modeling competencies, pages 13–41. Springer.
Morphogenic social system model
Archer, M. S. (1995). Realist social theory: The morphogenetic approach. Cambridge university press.
On mental models, knowledge and action
Dietz, J., & Hoogervorst, J. (2017). Foundations of enterprise engineering. TEE-00 https://www.researchgate.net/publication/320353420_Foundations_of_Enterprise_Engineering
Hestenes, D. (2006). Notes for a modeling theory. In Proceedings of the 2006 GIREP conference: Modeling in physics and physics education, volume 31, page 27. University of Amsterdam Amsterdam
https://www.semanticscholar.org/paper/Notes-for-a-Modeling-Theory-of-Science%2C-Cognition-Hestenes/066bbeae4d25ade2d16055886e330159bf3a2312
Hestenes, D. (2010). Modeling theory for math and science education. In Modeling students’ mathematical modeling competencies, pages 13–41. Springer.
Mental Models: (Subjective) personal knowledge
Conceptual Model: (Subjective) personal knowledge
Real things & Process
Creating
Understanding
Perception
Action
Interpretation
Representation
Hestenes (2006), Hestenes (2010), Dietz and Hoogervorst (2017)
There is a difference between mental models used for action and mental models to understand.
Attribute-based artifact design is fragile
Ajzen, I. (1991). The theory of planned behavior. Organizational behavior and human decision processes, 50(2), 179-211.
Fishbein, M., & Ajzen, I. (2011). Predicting and changing behavior: The reasoned action approach. Taylor & Francis.
https://en.wikipedia.org/wiki/Reasoned_action_approach (image uploaded by Gjalt-Jorn Peters, feedback loop is new)
“Q: What is the difference between the theory of planned behavior (TPB) and the reasoned action approach (RAA)?
A: As its name implies, the reasoned action approach (RAA) is a general framework for predicting and explaining behavior in which it is assumed that much human behavior involves a measure of reasoning. The theory of planned behavior (TPB) is the best-known and most frequently applied theoretical model of this kind, but other models, such as Bandura's social cognitive theory and the health belief model, may also be viewed as taking a reasoned action approach. When reporting or discussing research findings, it is therefore not sufficient to reference the "reasoned action approach." Instead, you should refer to the particular model or theory within this general framework on which the research is based.” - https://people.umass.edu/aizen/faq.html
Statement: a design (group) activity is behaviour and is the result of knowledge (conceptual model) and action (RAA/TPB). It is therefore very limited in designing an artifact for the unknown, where the variety of the EAAL designed artifacts meets the variety of reality, since the RAA/TPB dampen variety and the step from personal mental model to shared mental model also dampens variety.
“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.”
Bruce Schneier, Secrets and Lies, 2007
ABOUT US …
Multiple whitepapers
Thesis with 1500+ reads
40+ Blogs
Quoted in Books and Theses.
Consultancy for 7 Sectors, 30 Clients, 40+ Assignments
Infra to business strategy
@Edzob
(.com, LinkedIn, Twitter)
2021- now Xebia
2006 - 2020 Sogeti
1992 - 2006 your IT guy
Research
ASc Computer Science, 2003
MSc Enterprise Architecture, 2020
BSc Business Information Systems, 2006
PhD student Information Security, 2021-
Share
Apply
Edzo Botjes
Organisational Resilience Architect
Antifragility Architect
Trusted Advisor
https://www.edzob.com
ebotjes@xebia.com
Teaching Enterprise Architecture (MSc) at Utrecht University of Applied Sciences, 2022 -
Consultant @ Xebia, 2021-
Consultant @ Sogeti, 2006 - 2020
Internships, 2005-2006
Continuous Learning loop
Research
Share
Apply
Marinus J. Kuivenhoven
Chief Technology Officer at Xebia Security
https://www.linkedin.com/in/marinuskuivenhoven/
APPENDIX
List of handy Links
Appendix
Open | Description |
Botjes, Edzo. (2020). Defining Antifragility and the application on Organisation Design (1.0) [Zenodo]. https://doi.org/10.5281/zenodo.3719389 | MSc Thesis on Antifragility |
Bliekendaal, René. (2022). Towards an Antifragile Public Sector (1.0.1) [Zenodo]. https://doi.org/10.5281/zenodo.6862568 | MSc Thesis on Antifragility |
E. Botjes, M. van den Berg, B. van Gils and H. Mulder, "Attributes relevant to antifragile organizations," 2021 IEEE 23rd Conference on Business Informatics (CBI), Bolzano, Italy, 2021, pp. 62-71, doi: 10.1109/CBI52690.2021.00017. https://www.researchgate.net/publication/354321606_Attributes_relevant_to_antifragile_organizations | IEEE Paper on Antifragility |
MSc and EA Books - in permanent Beta https://docs.google.com/presentation/d/174iGCqDcX5g5BFQB4oKTae6cWi48EXMYG3LH8GtpZig/edit?usp=sharing | Curated list of books and videos on topics relevant to the domain of Enterprise Architecture. |
DevOps / DevSecOps books https://docs.google.com/presentation/d/1Ik50npE3oVh5_81AA1jf7ThDNpwX1ooYZGlx__WZ-Vw/edit?usp=sharing | A list of books relevant to the domain of DevSecOps. |
To become more secure, make sense of your context and respond
Reality
Feeling
Secure
in-Secure
1
2
Double Pendulum
Probe - Sense - Respond
Act - Sense - Respond
Sense - Analyze - Respond
Sense - Categorize - Respond
Botjes, Edzo. (2020). Defining Antifragility and the application on Organisation Design (1.0) [Zenodo]. https://doi.org/10.5281/zenodo.3719389
https://www.ted.com/talks/bruce_schneier_the_security_mirage
https://en.wikipedia.org/wiki/Double_pendulum
Strategy in the context of uncertainty https://doi.org/10.1108/08944310510556955
Complexity Theory: An Overview with Potential Applications for the Social Sciences https://www.researchgate.net/publication/330500755
The new dynamics of strategy: Sense-making in a complex and complicated world https://ieeexplore.ieee.org/abstract/document/5386804
https://thecynefin.co/library/cynefin-weaving-sense-making-into-the-fabric-of-our-world
https://www.systemswisdom.com/sites/default/files/Snowdon-and-Boone-A-Leader's-Framework-for-Decision-Making_0.pdf
Huber, D., Kaufmann, H., and Steinmann, M. (2017). Innovation: An Abiding Enigma, pages 11–19. Springer International Publishing, Cham. https://books.google.nl/books?id=rzckDwAAQBAJ
Appendix
The law of 3
Security
Business
Strategy
Information
Information Systems
Infrastructure
Service Management
Objective chaos, Subjective chaos and
The map is not the terrain
1
2
Double Pendulum
Situational awareness/ Cynefin, Product development and Maturity Models
Slice the cake, optimize for luck and Infinite layers
Virtual Machine
Network & Power
Storage
Database
Middleware
Application
Operating System
HyperVisor
Virtual Network
Compute/CPU
Application 3-Tier Layer
Virtual Machine Layer
Virtualization Layer
Hardware Layer
Configuration
Appendix
Toolkit
Mental Model
Building shared vision
Personal Mastery
Team Learning
Systems Thinking
I
III
II
IV
V
Business
Strategy
Information
Information Systems
Infrastructure
Service Management
Security
What
How
Why
Appendix
The Agile Organization
“The agile organization is dawning as the new dominant organizational paradigm. (2017)”
Appendix
https://en.wikipedia.org/wiki/Antifragile_(book)
https://www.mckinsey.com/business-functions/organization/our-insights/the-five-trademarks-of-agile-organizations
Cynefin
Holistic
approach
Reductionistic
approach
Not all is chaos, Cynefin to make sense.
https://doi.org/10.1108/08944310510556955
https://www.researchgate.net/publication/330500755
https://ieeexplore.ieee.org/abstract/document/5386804
https://thecynefin.co/library/cynefin-weaving-sense-making-into-the-fabric-of-our-world/
https://www.systemswisdom.com/sites/default/files/Snowdon-and-Boone-A-Leader's-Framework-for-Decision-Making_0.pdf
Reductionistic
approach
Holistic
approach
Probe - Sense - Respond
Act - Sense - Respond
Sense - Analyze - Respond
Sense - Categorize - Respond
Cynefin by Dave Snowden, another visualisation
Appendix
https://www.linq.it/complexity-is-killing-your-business/cynefinfrwk/
Cynefin by Dave Snowden
Appendix
https://www.cecan.ac.uk/events/cecan-webinar-cynefin-navigating-uncertainty/
Product development stages
Appendix
Meige, 2016 Three Factors Driving the Uberization of Talents, https://open-organisation.com/en/2016/01/29/three-factors-driving-the-uberization-of-talents
Botjes, 2018 - Three Steps to Successful Innovation, https://labs.sogeti.com/three-steps-to-successful-innovation
Kim, 2005 - Blue Ocean Strategy, https://www.goodreads.com/book/show/4898
Knapp et al, 2016 - Sprint, https://www.goodreads.com/book/show/25814544
Ries, 2011 - The Lean Startup, https://www.goodreads.com/book/show/10127019
Product development stages
Appendix
Gartner, 2017 Enterprise Architecture and Technology Innovation Leadership Vision for 2017, https://www.gartner.com/binaries/content/assets/events/keywords/enterprise-architecture/epaeu17/enterprise_architecture_and__tech-innovation.pdf
Godfather of devops infinity loop
You will find many iterations and variations on this loop
Appendix
https://awkwardgen.com/devops-infinity-loop-for-beginners/
Levels of Automating “product” creation by DoD
https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsFundamentalsPlaybook.pdf
https://dodcio.defense.gov/Portals/0/Documents/DoD%20Enterprise%20DevSecOps%20Reference%20Design%20v1.0_Public%20Release.pdf
Appendix
… as a Service
Appendix
The Cloud
https://commons.wikimedia.org/wiki/File:CMB_universe_expansion.png
https://www.researchgate.net/publication/327700356
Appendix
OSI Cloud Stack (adaption)
Appendix
Integrity
Access (Identify & keys)
Virtual Machine
Network & Power
Storage
Database
Middleware
Application
Operating System
HyperVisor
Virtual Network
Compute/CPU
Application 3-Tier Layer
Virtual Machine Layer
Virtualization Layer
Hardware Layer
Configuration
Tools/ Services
Data / Interfaces
(DevOps) LifeCycle Management
Dev & Ops Environment
Cyber Defense Matrix
Appendix
https://cyberdefensematrix.com
Stafford Beer - Viable Systems Model
https://www.wikiwand.com/en/Viable_system_model
https://en.wikipedia.org/wiki/Stafford_Beer
Appendix
TRANSACTION AS FABRIC OF OUR REALITY
https://www.pronto-lectures.org/docs/glossary/
https://www.researchgate.net/publication/351461134_The_Evolution_of_DEMO
Appendix
Law of Requisite Variety
https://www.flickr.com/photos/davegray/6463738151
1
2
Double Pendulum
Appendix