Rebuilding a Plane in Flight: Refactors Under Pressure

15 Aug 2017 00:00

A half-day training run at the 2017 NSF Cybersecurity Summit covering how to manage critical refactors of systems and software. Based on an earlier training at O’Reilly OSCON.

Additional Reading

Referred to during the talk

  • The Mythical Man-Month is Fred Brooks’ classic work on running software teams. Originally railing against the problems of HR or upper management treating software engineers as interchangeable, or trying to save failing projects by throwing more developers at them, it’s become an important work to know in terms of how to build a team capable of engineering rigor.

  • Security Exercises is a free-to-you reprint of a July 2016 issue of my Linux Journal column “Under the Sink”, where I gave a crash course in running information security exercises, getting buy-in for them within an organization, and making them useful to the evolution of your information security program. Much of this could be generalized to any kind of disaster preparedness.

  • Postmortem is an “Under the Sink” column from the February 2017 edition of Linux Journal covering how to do effective postmortem reviews for both real and simulated incidents, to ensure that the knowledge gained makes it back into the organization.

Other skill builders for future rescuers-of-technology

  • Conflict Communication by Rory Miller is fast becoming one of the handful of staple materials for teaching hostage negotiators and others who do life-critical communication tasks. However, unlike many of the others, I believe that this text is accessible to those without a psych background who just have to deal with normal humans who are under high pressure. It’s a relatively short, easy read and worth every page.

  • Holy Triage, Batman! is another “Under the Sink” issue, from Linux Journal November 2016, covering methods for triaging hairball code and finding its points of greatest crisis.


Susan E. Sons

Susan E. Sons is a passionate and experienced information security leader who enjoys moving across verticals, down into the weeds, and up to the sky-view to see what others don’t, build unusually effective information security teams and programs, and help mature the field.