Security Hygiene – Hosting my First CryptoParty

Turns out I am not alone in wanting to evaluate my online presence and update my security priorities. Partly to update my own security checkup, I wanted to update security know-how here.

I got involved with an awesome Chicago-based group, the Lucy Parsons Labs this year. One thing that attracted me to the group was their outreach – they not only do work on behalf of others, but they also offer security training for journalists and activists. This week I got a chance to get involved and I led my first digital security training.

Ain’t No Party Like a CryptoParty

Monday was the November CryptoParty, hosted by moi. Like past Chicago CryptoParties, the point is to get all types of people together to talk about digital privacy and what’s important to each person. Some folks wanted to create stronger passwords, others wanted to divest from Google’s tracking tentacles.

I started by doing lots of research. There are great guides to hosting CryptoParties, trainings, and resources for speakers and the general public. Once I got a grasp of what range of topics we might cover, I knew I wanted to start with a short presentation on “threat modeling” and then open it up to questions and discussions for everyone.

https://www.cryptoparty.in/

The EFF has new and awesome Surveillance Self-Defense guides and printouts, plus “playlists” for different threat models. I built my slides from there, with a quick intro to threat modeling (aka risk assessment since it sounds less militant and terrifying). I like the analogy of cold and flu season – the best thing to do is prevent getting sick and the easiest way to avoid colds is just washing your hands!

So what is security “hand washing”? My favorite part of the threat model concept is that it depends. It depends on what information you have (assets), who you’re protecting it from (adversaries), and how comfortable you are with losing data (threat). If something happens (risk), how terrible is it? It depends on who you are and what you’re doing.

Here are my slides.

Part 2 was more tips & tricks, mostly based on Martin Shelton’s post “Securing your Digital Life Like a Normal Person.” Applying the “it depends” model to the tips and tricks was a nice segue into discussions. We covered encryption, VPNs, and 2FA.

Here’s a partial list of topics, tips and tools:

Next Up

I was excited, humbled, and energized to get to participate in this CryptoParty. I was impressed how many folks knew about the “advanced” stuff I mentioned, like VPNs and Tor Browsers. I think next time we should jump into deep-dive topics like encryption, how VPNs work, and more. I’m ready, are you in?

Sound cool? Want to get involved with another CryptoParty or digital training? Have more in-depth questions for any of us at Lucy Parsons Labs? Email us infoATlucyparsonslabs.com

Notes from CloudCamp Chicago – healthcare tech night

This Wednesday, Sept 3rd, I organized the “unconference” event CloudCamp Chicago.

Part of my role at CohesiveFT was to revive the free-form event in Chicago. Our London team has been going strong with the raucous after-work event since it started back in 2008. London’s events are part Meetup, part Parliament session with people jumping in to interrupt.  

The “unconference”
Usually, we pick technologies or cloud-related topics like security or hybrid clouds. This time we took some audience feedback and focused in on an industry and their data and security requirements. This CloudCamp event drew our usual crowd of technology pros, but we had a marked increase in attendees who work in both healthcare technology and healthcare in need of technology.

The “unconference” format had 4 short “lightning talks” followed by a lively “unpanel” debate session. The talks covered HIPAA, wearables, the caregiver side and elderly care from the lens of technology and compliance. After the talks, a few of the speakers and a few lucky audience members came back up to be on the unpanel. Many questions were directed at Dr. Griffin Myers, a doctor dealing with the headaches of both securing individual patient data while trying to use the population data to provide more tailored services. 

Lightning Talks
The first lightning talk, “Security and Sanity in the HIPAA-Compliant Workplace” was by Alex Connor, Lead Architect at Crimson Care Management. Alex had great pointers for HIPAA basics, including encryption and working with providers to mitigate patient data risks.

Following Alex, Mark Moschel of Factor 75 talked about wearables, biohackers and their impacts on healthcare. His talk “QS and Biohacking movements” featured how biohackers and quantified self-ers are using personal data to improve their personal outcomes. Mark even shared some of his own stats, from mood based on the day of the week to his irregular heartbeat reading from his iPhone-based EKG sensor. Later, Dr. Myers even mentioned he scanned the EKG data to check for a rare and potentially fatal sign of sudden cardiac arrest. Mark is safe, he assured us!

After the two technical guys, Dr. Griffin Myers took us in the opposite direction. His network of clinics, Oak Street Health, is not on the cutting edge of technology. Partly because they serve Medicare patients in Chicago, the clinics also just haven’t found the perfect fit of technology that works with patients, doctors, and the community without compromising patient privacy.

Dr. Myers had a completely different take on technology and patient care. His clinics were founded on the idea that healthcare should no longer be “fee for service” (i.e. you get a hair cut and pay a fee, see a doctor and pay a copay for a visit) but rather a “fee for outcomes.” Part of their approach is to focus on patient populations, which makes data analysis challenging while also complying with HIPAA and patient privacy rules.

Also working with elderly patients, CareMerge’s VP of Client Experiences Carol Zindler took us through the journey from healthcare before technology to the potential silo-breaking opportunities today.

Carol began by commenting that healthcare data began, not to help doctors or patients, but to streamline billing and insurance. By changing how elderly patients interact with their families, doctors, and providers, CareMerge is hoping to improve elderly care. The timing is just right as well, considering more than 10,000 Americans will turn 65 in the next 15 years!

See all the slides here: http://www.slideshare.net/CohesiveFT/cloudcamp-chicago-healthcare-it

If you’re in London on Sept 11, CloudCamp – Banks vs. Tech companies, who will win? Or join us in Chicago for the next CloudCamp in October.

2 Halves Make a Whole?

Sunday I finished my second 1/2 marathon in Chicago!
I was very lucky and very excited to PR with a time under 2(hr)20(min). I was writing an email to my coach, Deanna, but decided it should become a blog post too. Here’s my race recap:

The Plan

I felt very good going in with a race plan for warm-ups, what to wear, intervals etc. I even made a Google spreadsheet with my estimated timing, intervals and distance. It helped to think about that as I got to the mile markers along the route. My plan: 8 or so 15-minute intervals of running with 1 minute walk breaks after each interval. The first mile or so is always a mess with the crowded start line, but then my plan was to do 2-5 intervals at my very comfortable running pace, in heart rate (HR) zone 3. Then I could bump up to low Z4, which would be a more challenging but good race pace. If all goes well, by mile 10 (of the 13.1) I could go even faster and even sprint the last .1 miles. This is how I trained and did long runs, so I felt good with this plan, but secretly hoped I would feel awesome and speed up – the point is to start slow and steady then speed up at the end.

Disaster Strikes

About 2 min into the race my stupid Heart Rate Monitor (watch and chest strap) stopped reading. For miles 1-6 it said my HR was 31. I would be dead if my real HR was 31. For perspective, my resting HR is mid-70s and my ‘threshold’ of running hard but not sprinting is 185. So a HR of 31 mid-race is ridiculous!

I tried to fix it but didn’t want to fool with it and get distracted, so I just stuck with consistent runners and what I thought was mid-Z3 for intervals 2-4. I probably pushed into low Z4 too soon, in intervals 5-7. By mile 10 I started to push it to what felt like threshold (but was probably too much) and all of a sudden I felt like I was getting too tired too fast.

The course was interesting – we ran on Lake Shore Drive for most of the “out and back” course. We started by zigging through the Hyde Park neighborhood, then went onto the closed-off road. It was a cool perspective, and fun to see fans sitting on the divider and standing on the bridges overhead cheering. The random cheer groups were great – people with signs, a guy dressed up as the “More Cowbell” SNL skit, cheerleaders, and a few drum corps. I was feeling really good at the turnaround, about mile 7-8, which is where I really struggled in my first 1/2 Marathon.

I was feeling good and wanted to up the effort, so I did push more after mile 8. I probably went into mid- to upper Z4, which was too much effort with so much race left. I mentally swore off drinking and fried food for the rest of my life. By mile 13 I thought my legs might turn to putty when I saw the 3/4 mile left sign. From 3/4 mile left to the 1/2 mile left sign felt like a whole mile. I made the final turn (thinking “where is the stupid finish line already!!”) I would have sprinted to the end but I physically couldn’t go faster!

Completed – a new PR

I turned the corner, knowing I was blowing my estimated finish time, as well as my super ‘reach’ goal out of the water. I went in thinking I would like to beat my slow first race, but only by 10-12 minutes. I secretly hoped to run it under 2:20, maybe 2:15. I crossed the finish line at 2:13:38 – two minutes less than I dreamed!

The most frustrating thing about pushing so hard at the end is coming to a complete stop after the finish line. I know I need to walk for a while to cool down and not collapse into a quivering banana-clutching idiot. I did manage to grab a medal, banana, face towel, and a granola bar before I could extract myself from the mass of runners/supporters/volunteers/photographers that all stand in that tiny space.

I found Angel pretty quickly – after some vague geographical locations, “no, the slightly taller white tent to the other left of the beer tent” – and we grabbed our free Lou Malnati’s pizza slices 🙂 It was 9:30am but that pizza tasted great!

Next!

The only thing about 1/2 marathons is that people assume the next thing is a full. Like 13.1 miles is just a warm up for a ‘real race.’ Like hell! I’m perfectly content in running for under 3 hours per run – marathon training can take up to 5hr each run at the peak of training! – so I’m focused on more 1/2 marathons and mid-long distance.

Next up, I’ll be cheering on my running teammates and friends at the BoA Chicago Marathon. I got some great ideas for inspiring and funny posters from this race.

For running/ races in my future, I really want to run the “Race of the Dead” 5K on Nov 3 and the Hot Chocolate 15K on Nov 4. The real challenge is that they’re 1 day apart… After that I think I’ll go back with my running/coaching group to train for a spring 1/2 marathon. Hopefully it will be a destination race somewhere warm!