FAIR-CAM provides explicit descriptions of the control functions that affect risk, as well as the relationships and interdependencies between control functions.

FAIR-CAM is pretty interesting. It cuts to the heart of the matter of IT risk in a lot of ways, and succinctly poses and addresses core questions that brought me to help build the SiRA fount—and drink from it—so long ago.

This first supposition may or may not be true, but it seems true in my experience.

Since the value of any cybersecurity or risk management control boils down to how much it reduces risk, we have to understand which loss event scenarios a control is relevant to, and how significantly the control affects the frequency or magnitude of those scenarios. This is not typically part of the evaluation process when cybersecurity programs are evaluated using common control or maturity frameworks, which means the value of each control isn’t determined.

“This is not typically part…” indeed. I would take this further to say that the common frameworks in use don’t have a way to include this information, even if you wanted to.

This second supposition wouldn’t receive as much argument in most circles.

Without knowing the risk-reduction value of its controls, an organization may inadvertently invest heavily in one or more controls that aren’t particularly relevant to, or effective against, the risks it faces. When this is the case, the organization would have high scores for those less-relevant, less-valuable controls. For the same reason, the organization may under-invest in more important controls, which would result in lower scores for those controls. Organizations also sometimes invest more-or-less equally in as many controls as possible, which invariably results in under-investment in some controls and over-investment in others.

This leads to a few questions: is it more cost-effective to take this approach, or are we better off to assess/determine the value of controls (or at least the ones we believe to be most valuable) to prove the ROI?

No arguments on this one either, though I question the example:

All controls have relationships with, and dependencies upon, other controls, which is not accounted for in common control frameworks. As a result, weaknesses in some controls can diminish the efficacy of other controls. For example, the efficacy of an organization’s patching process is highly dependent upon the efficacy of the organization’s vulnerability identification capabilities, as well as its threat intelligence capabilities, and its risk analysis capabilities. If one or more of those capabilities is deficient, then the efficacy of patching will also be affected.

I agree with the general concept, but I can easily envision an IT department that patches everything ASAP. In that case, vulnerability identification and threat intelligence don’t matter much, beyond getting notified of the patch release of course. So these reduced capabilities may or may not affect the efficacy of patching, but they certainly do impact the efficiency.

2022 — the year of doing as @patrickrhone does?

New Condo on Airbnb

Back in May, I mentioned meeting with @patrickrhone to discuss housing/real estate, and that my wife and I were considering an investment property. Well, fast forward a few weeks after that coffee and chat, and we had set in motion a refinance of our home to purchase an investment condo.

I’ll post the laundry list of things we did to it later, but Arundelby is up, running, and available for all your sleeping, rest, and relaxation needs in Saint Paul’s Cathedral Hill neighborhood. Arundelby is a portmanteau of Arundel & Selby, the intersection where we are located. I contemplated “Arundel BnB” as well…might still go that route instead.

Cycles II

I have joined the peloton (group or ball in French – the “group” variant here) with a new exercise bike. So far, I’m actually enjoying it – this is a first for exercise equipment or “gym” activities like this. I have a rower as well, but I don’t get as much use out of it. Turns out the instructors in the service play a huge part in that, and I don’t get that same engagement on the rower. Although Apple Fitness+ does have some rowing classes…maybe one of those would make the cut.

Cycles

I finally have my motorcycle in full riding condition! But first, so I don’t bore you with motorcycle talk, I also had a fun Dad moment today when I passed a car that lost a wheel on Cretin by 94 (a speed run where everyone goes 45+, in case you’re not familiar). So this car is sitting in the left lane, their wheel in the right lane of oncoming traffic, and they were both just sitting there on their phones, clearly not sure what to do. I pulled a U-turn, parked with flashers, got the wheel out of the road (after 20 people raced up on me before going around then seeing the tire). Then I asked if they were okay, to which the driver replied “Yeah, our wheel fell off!” I allowed as how I could see that. Then I checked out the girls’ brake discs, found the vehicle was resting on the ground via a support, not the disc, so I had them pull off Cretin on three wheels so they didn’t get hit, then helped them figure out what to do. They’d had a lug nut and bolt sheared off, and all four remaining ones fell off.

It turned out they were returning after picking the car up from impound when the wheel fell off. Told them to call a tow, call the city and University of Minnesota police to report the damage to their car, and hope someone along the way owns liability for damage to their car. Anyway, my daughter was pretty confused why we stopped and so we talked through acts of kindness, the danger they were in, how once we got them off the road they started making calls and thinking clearly, and how I hope I can teach her to know how to get out of those situations on her own.

On to the bike…

After sitting a few years, I knew I had to clean the gas tank and refresh some hoses. So I replaced the battery, drained and took the tank off and soaked in vinegar for several days. I knew the secondary tank was in good shape so I didn’t worry about it…until Gunther stuck a golf tee into it. Guess I should’ve kept that plug in the fuel hose connections until I was ready to put the tank back on…So I soaked the secondary tank too, which meant removing the rear wheel and fender first. That eventually all came back together correctly, after replacing the fuel lines throughout, along with a new fuel filter, and then I got to give Gwyneth and Gunther both their first rides.

Later, I saw the fork was still leaking pretty severely, so removed the front wheel, brake calipers, speedometer cable, and the fork tubes. After quite a bit of reading, eventually got them back together, oiled and ready to go, which involved ordering the piece missing from disassembly (and no, I didn’t lose it). Then in remounting the brake calipers, my torque wrench didn’t fire and I stretched one bolt and snapped another. Eventually found some replacements at AutoZone that required me to cut 2mm off. With brakes back on, my last issue was to trace wires until I found the location of a short that has been present since I bought the bike from Sandra Shipp. I eventually removed the front turn signal to discover an electrical wire repair that wasn’t connected properly and wasn’t fully isolated. So to the store I went to get some new turn signals. Gwyneth helped me install the fronts, still deciding whether I’ll install the backs.

But good news is no more short and everything runs as it should. I’ll need to repeat all of this to pull bearings, clean hubs, degrease and paint parts where paint is failing, etc. Now I just need to glue the cleaned up grip so I can ride again.

A year in the life of a game trail in the BWCA.

I’ve been pondering future movements and listening to @patrickrhone’s recent interview on Systematic with Brett Terpstra inspired me to reach out to Patrick to talk shop — remodeling, financing remodels, how that’s gone, etc. He was gracious enough to spend a few hours with me for some great conversation and a tour of his Hague House. This home built in the 1890s hides some amazing little details that you just don’t find anymore. I just wish I’d have grabbed a shot of the glasswork in the master closet.

As Patrick said, I'd probably pay $30 per hinge for these kinds of details over plain stainless.

While very inornate as far as these kinds of details go, this doorway has some wonderful handmade details that you'd never find elsewhere.

The tile! The carving in the lintel! The metalwork on the firebox! So much to love here.

Jamie shared this, and I backed it immediately. I’m stoked to play with this with my children!

Paul Boswell, creator of the Turing Tumble, just launched Spintronics on Kickstarter. I’m in! Turing Tumble was brilliant, and this looks equally great! I love how he turns digital concepts and logic into something physical to interact with.

Happy Mother’s Day to all the moms out there. We enjoyed a creek-side picnic and a family walk.

Feeling a new burn with this, my Trashy Firepit. I bought it, happily, as I’m handy and into DIY, but not so much with metalwork. But if you like metalwork, Craig has posted the plans.

Hello, @saturdaydumplingclub! Veggie for lunch.

Get lost in the darkness.

Honestly, I’m here for April Fools jokes this year.

Shrimp Diablo à la Dock Cafe. Eat’cher heart out!

I’m your huckleberry.

17

Seventeen years and a day that we’ve been together! I’ve been thinking a lot about that time, and especially the last year and all it’s brought and taught us.

Oh my goodness @annbkool and her crew at @sookimimi are amazing. I’m so thankful you were able to open and provide a place for small, special nights like tonight. Listening earlier today to @foodunderfirepod episodes with you and @jdfratzke have me thinking a lot about everyone in the service industry and the struggle you’ve been through this past year.

Please pardon the mediocre food photography — I was more focused on shoving these delicious courses in my mouth than perfecting the photos. I also ate one course before I could take a pic of it. The whole experience was fantastic, and the molé blanco was sumptuous.

Hair matches jacket!

I unabashedly asked for a bottle of the new stuff at @handsome_hog last night. Today, Breakfast of Champions with some @crybabycraigs Hail Fire benefiting Minnesota farmers harmed in the 2020 hail storm. Get your bottle at @lundsandbyerlys in early March.

Merry Christmas everyone!

Antonov

Antonov An124 from a week ago @mspairport

Hard to get a sense of how big this plane is without anything around it. Maybe I’ll be able to catch the prep and departure.

I liked the light off this @americanair A319 shot 2020-11-29 at @mspairport. I missed the Antonov An124 taking off that morning and only caught the Carolina Panthers motorcade on the highway, and missed their chartered 747.

Beginning of the end, this.

Halloween costumes. A created character inspired by Ahsoka Tano and The Cheeto in Chief acting presidential.