A new venture aiming to make a difference

[SentinelInfoSec]

Up

0

::

Well, here we are with number three. Business venture number three, that is…

( Warning: what follows is a lightly edited train-of-thought on what I’m doing and why. tl;dr : I’m starting up some information security tutorials especially for small business. Come along. )

I can’t believe it has been (only) 2 and a half years since I posted in this very forum about the joys of 18 hour days. It was almost Christmas 2011, and I was just diving into a new business in an unfamiliar field. It was fun, a little scary, but most of all, fulfilling. I felt as if I was doing something that mattered – I’ve discovered that is a critical driver for me – I need to feel that what I am doing is important in a long-term sense. The business I was starting then has since been swallowed up by a bigger fish and I have since moved on to bigger things. Sentinel Meteorology is still in its early stages – not actually making money yet, but certainly moving in that direction ahead of my earlier, somewhat conservative, forecasts. All good.

In my past life as an employee in engineering, I worked in many large enterprises and Government agencies. In my Adapt2Change days, I was mostly working with individuals. Sentinel Meteorology has seem me working with small and mid-sized enterprises, mostly in agriculture and construction. The difference between these environments couldn’t be more stark. When setting up Sentinel Meteorology software on clients computers, approximately 60% had been compromised by malicious software. This is a scary figure. 60%, 3 out of 5 computers under the control of criminals.

This needs to change. This is something that matters.

Big business and government recognise that the internet is a wild, unregulated place. Small business not so much. There’s an acknowledgement that you need to be careful, but with very little understanding of the actual nature of the threats, people don’t really know what exactly to do.

But aren’t big businesses and governments lumbering dinosaurs that are slow to respond to change? Aren’t small businesses nimble, adaptable? Why are small enterprises so seemingly bad at dealing with the nature of the internet, while the big end of town seems much more prepared? The answer surprises many – big business and governments were well prepared for the onslaught of the Internet’s criminal elements long before the internet existed.

The problem here is not information technology, it’s information security, a discipline that predates civilisation itself. Governments and big businesses have taken informations security seriously for as long as they have existed, and have applied this knowledge and experience as the internet has evolved around them. Yes there are occasional trip-ups and intrusions, as there have always been, but the extent of criminal intrusion into big organisation networks is tiny compared to the impacts on small businesses.

Trouble is, small businesses tend to get informations security advice from information technology professionals, who tend to see it as a technological problem. It isn’t. Technology may be the means and the medium of today, but information security is foremost about the interaction between humans and information, irrespective of technology. Address the technological problems without the human element, and you’re only addressing a small part of the problem – the strongest lock in the world won’t protect you if you open the door for everyone who knocks, or leave the window next to it wide open when you’re away.

So, I want to change this, but how? This is not super complex stuff, but there’s a lot of misconceptions to overcome and considerable inertia. Security is about good habits, and forming new habits takes time and effort, and as someone who has gone through the 18 hour days of starting a small business, I know that there is only so much time and effort to go around. I want to show people how to keep themselves safe in an environment that makes it as easy as possible to learn those habits as well as pick up specific knowledge and skills.

So Sentinel Information Security was born. A side-business whose sole aim is to educate small business owners about information security. How? At this stage, I am going to trial some small group (6 or so people) tutorials, hosted in cafes, and run a roughly 2 hour discussion style tutorial. I feel this is the best format for helping people actually develop an understanding of the fundamentals – the foundation of developing the habits of good security practice, rather than just learning a few processes and tips.

The small numbers at each event does tend to make it expensive, at $245. I have a rule that I like customers to leave feeling they have received value that is at least 4 times what they paid, and I think what I am preparing here delivers on that score.

I feel that larger numbers would bring the price down, but will also make the tutorials less effective, giving less value to the attendees. Finding the sweet-spot is something I will analyse and tweak over time.

The first events will be kicking off in Brisbane on the 29th of April. I am planning to get some regular events going in Sydney and Melbourne and their surrounds.

If this is something that is of interest to you, but you’re not in BNE/SYD/MEL, let me know!

Cheers,
Michael

[Author]

Posts