This chapter from the book describes what it is, how to use it, and a bit of how I came to write it.
I started reading a daily calendar book in 2019 and have continued every year since. My two favorites are The Daily Stoic and The Daily Drucker. Calendar books provide a bit of daily wisdom or a lesson, and sometimes a task for the day.
The idea of writing 366 entries was too daunting to consider. A weekly calendar book on OT security and cyber risk management seemed doable. After creating this book of limited words, my appreciation and admiration for writers who have published one or more books has increased.
The idea of a busy OT security professional trying to tackle 366 tasks in a year is also daunting. The result – – – this weekly OT security and cyber risk management calendar book. Each week has one to three pages of an important concept and a related task.
There’s blank space for each task for you to write in your information, answers or response; this book becomes a journal. It’s perfectly fine to use an online journal or document if you prefer. Consider though that science and personal experience finds handwritten entries increase creativity and retention.
I have the advantage of delivering this book in the swag bag to a captive audience of 1,500 attendees at S4x25. Therefore, the calendar starts with the week of S4x25 and ends with the week before S4x26. It also includes tasks related to your participation in S4x25 and reminders for key dates for S4x26. For the weeks with S4x25 tasks, I’ve also included a related task for those who did not attend.
Tips On Using This Book
· Try to use the book on a weekly basis as designed, and don’t fret if you fall behind. You can always catch up on a slower week, and most tasks are not tied to a specific time in the calendar.
· Some weeks will be more valuable for you than others. We all bring different knowledge and skills into the journey.
· Take the time to do the task even if your initial reaction is I already know this, see the Dunning-Kruger Effect diagram below.
· The first month, February, is follow-up tasks from S4x25. It’s largely career planning. If this is not for you, start in March when we get to the OT security and cyber risk management tasks.
I began my journey into OT security with a SCADA security assessment consulting engagement in 2000 knowing nothing about SCADA (typical for a consultant). By 2009 I had climbed Mount Stupid and was at peak confidence, a very dangerous point on the Dunning-Krueger curve. The 2010 – 2015 was a long slide down to the Valley of Despair. I believe, or at least hope, that I’ve started up the slow Slope of Enlightenment … still with much less confidence than I had 15 years ago.
If you find yourself certain on all the answers, it might be time to ask yourself more questions. Hopefully this book will help as it varies greatly from the SANS 5 Critical Controls, cyber hygiene, IEC 62443, and other long and growing lists of OT security lists.
It’s Not For You?
The famous marketer Seth Godin often points out that if you try to create a product or service for everyone, that offering is rarely ideal for anyone. We embrace this at S4 by developing the event for the advanced OT security professional and early adopters. Someone open to new ideas and wanting to know what will be leading/bleeding edge in the next one to three years. And importantly, a person who wants to Create The Future. This is, by my estimate, less than 5% of the OT and ICS security community.
Similarly, this book might not be for you. You might not want a weekly calendar or to allocate the time to this process. You might think this doesn’t apply to your company or your role. There are surely many other reasons it’s not for you. If this is the case, I ask you to:
Please Give The Book To Someone Else
Consider a colleague or friend who might need it. Maybe there is someone new to the field who you are mentoring. This book could be an aid in their journey.
If you’re at S4x25 and you know you don’t want the book, please drop it off at our service desk. We will make these extra copies available free of charge to attendees.
Additional copies of this book will be available for print or Kindle after S4x25.
Good luck with your OT security and cyber risk management journey.
Dale Peterson
Catalyst at Digital Bond and Founder of S4 Events