Tom Craven
tom.craven1THE BIG CLAIM: Why this is the job for me and I am the man for the job.
Computer Security is the Avant Garde - a nascent field, but only recently considered a field of academic study, challenging, complex and dynamic. Therfore this makes me the perfect candidate for utzins Security Engineering position as I thrive of the complexity and challenges that only security can throw up- I love approaching problems with playfuless and trying many methods to find the most elegant solution but I also like using unconventional methods from a variety of fields to find new and novel ways of problem solving.
Complience: Proof of the Exersises we had to do....
WEEKLY HOMEWORK SOLUTIONS (*)
Week1: Halifax Diaster
Week2: Houdini Protocol
Week3: Germanwings Tragedy.
Week 4: Earthquake pricing problem
Week 5: google Security
Week 6: Japans nuclear reactors
Week 7: Man in the middle
Week 8: Cheating scandal
Week 9 ----------Quiet week No Homework------------
Week 10: exam practice
Week 11: Self driving car.
Week 12: Die hard.
(*) Links in Green were Blogged about in the Required Weeks However links in red were not written in the weeks the tasks were set and further Links in Orange were exam practice and may not have been blogged about in the week they were set - see this blog for further details. REWRITING THE WRONGS
UNSW DECRYPTION GAME
SECURITY EVERYWHERE POSTS
Biometric Facial recognition systems in Australia
Volkswagen engines defeat device
Green Indicates posts with depth and extensive analysis and discussion, Red indicates simply a link with little discussion.
RICHARDS LECTURE EXERCISES
Finding a conflict of interest (Newhaven hospital)
CONTRIBUTIONS TO LECTURE NOTES(*) :
* If navigating to these pages click on History to view edits as there is no easy way to Navigate to specific edits.
*Effective.
Claim 1 : As a lifelong learner I have constantly make attempts to improve my own learning.
Claim 2: I have engaged in extensive teamwork but also worked effectively with others.
- I am a lifelong learner therefore at the start of the start of the course I aimed to identify reasons that have prevented me from being effective in the past
PLANS AND GOALS AT THE START OF THE COURSE
but upon recent reflection I realised some of my goals may have been too lofty, therefore throughout the term I aimed to refactor my plans to be more effective.
One of the factors I identified is I may have had a tendency to take on too much and not cover some subjects in enough depth, therefore I aimed to go into
more depth in my Analysis
By being able to conduct in-depth analysis of problems I am able to takle the complexity inherent in Security Engineering and provide concrete solutions and reccomendations to these very problems
SOLUTION TO HOUDINI DILEMMA PROTOCOL
But I am also conscious that there is a depth vs speed trade off, Because security is such a fast moving field, there is a risk if going into so much depth the problem may have become
inconsequntial or another issue may not have been picked up in the meantime, Hence I have made a stong effort to improve my foundational knowledge of Security to improve my speed in solving problems
By having strong foundational knowledge I am am able to tackle problems quickly and perform deep analysis by building up knowledge from the basics to make deeper connections and conclusions, this makes me well aligned to the deep analysis required in the Security Engineering environment. However Security Engineering not only involves strong individuals, it involves working in a team effectively and throughout the term I have aimed to work as a team member for our presentation and also contribute to the wider Open-Learning environment
GETTING READY FOR OUR PRESENTATION
GENERAL INTEREST (AIRPORT BAG LOCKS)
SECURITY EVERWHERE (NUMBERS STATIONS)
This is only 'evidence' of teamwork, but what about an effective team?, my thoughts of an effective team are similar to parrallel processing- units should be mutually exclusive and exhaustive and hence trade unique information amongst eachother reducing repetition of work and redundancies
EVIDENCE OF OUR TEAMS DIVISION OF LABOUR
In the end we were able to deliver our presentation on time and also of a sufficiently high quality as Richard referred to it as "One of the best presentations of the Semester". Through lifelong learning and effective teamwork and communication I am well suitied to the dynamic and teamwork driven enviroment that Security operates in. But not only do I aim to improve my own knowlege, throughout the course I have aimed to share my knowledge with others as is shown later in the analysis section.
* Attitude
Claim 1- I am a self starter and can learn complex security topics on my own.
Claim 2- I am a maverik.
To learn about current security issues I created a blog about innovations in security and blogged about current security topics that I found current and Interesting
but not only am I able to blog about concepts in a theoretical sense - but i am actually able to discover and act upon security issues I have found in the real world.
an example I found was a massive conflict of interest surrounding a private mental health Hospital called "Newhaven psychiatric hospital" that was run by a well known Australian cult called "The Family" ,I happened to stumble across this case as an accident from reading a newspaper article, but further investigation lead to a rich line of inquest
FINDING A CONFLICT OF INTEREST: NEWHAVEN PSYCHIATRIC HOSPITAL
After reserching events surrounding Newhaven I came to the limited conclusion that certain abuses associated with Newhaven did not seem to be reported in the mainstream media outlets, therefore after careful consideration of the risks of whistleblowing and discussion with Richard I decided to disclose the information I had gathered about Newhaven to Journalists and the current Royal Commission into Institutional Responses to Child Sexual Abuse
DISCUSSION WITH RICHARD RE: NEWHAVEN HOSPITAL(Disclosure)
I wrestled with many emotions surrounding this case apart from the disturbing nature of the crimes, I was both reluctant to get involved in other peoples buisiness but also concerned about being targeted by a cult that is still active and well resourced -however I think part of being a Maverik means finding things on your own but also doing things you may find unpleasant or even dangerous in the name of the greater good- I eventually realised that my disclosure may be able to help victims or provide closer scrutiny of these events, a fact i now feel very proud of.
*Analysis.
Claim1- I am able to analyse security scenrios and risk management screnarios critically and make suggestions on what actions should be taken.
Claim 2- I am able to solve problems using unconventional and novel methods.
I made an effort to participate and discuss case studies during weekly tutorials (See complience top of page) and also made attempts at regular 'Security Everywhere' posts (See complience top of page) and Contributed to the Lecture Notes (See complience top of page) , but I also futhered my analysis to fields outside of our case studies.
In Week three's module we covered the topic of Risk, therefore as a way to look at and analyse risk I created a group to look at Advantage Gambling and Risk
ADVANTAGE GAMBLING AND RISK CTF (NB: may require you to join to be visible)
PROOF OF REGULAR CONTRIBUTIONS TO CTF (EDIT HISTORY)
Advantage gaming was not a topic I knew much about before I made the page thus I made it to learn and share knowledge with others, but more importantly some of the methods I learnt by making this page I have been able to expand my problem solving repertoire, an example of this is solving the earthquake pricing problem using statistical sampling- I figured although Individualy peoples estimates were make quickly and would largely be inaccurate, if enough people were sampled the mean would be an accurate representation of the true cost of earthquake prevention since the chance of over estimation is roughly the same as under estimation and if a large sample was taken errors would tend to cancel out- I asked people to post their estimations on the course homepage and got 17 samples I also shared my results for others to use and analyse
STATISTICAL EARTHQUAKE PRICING EXPERIMENT
the results from this experiment proved to be quite a optimal solution to the problem, and in most cases closer than any individuals guess.
Therefore I have strong traditional analytic skills but I also combine this with novel and experimental methods giving me a broad skill set to cover even the most challenging security problems. However analysis is not enough, you could analyse a problem till times end Engineering involves coming up with solutions in the face of imperfect information and suggesting the reccomended actions, one such example of my reccomended actions is my solution to the man in the middle alien protocol.
THE MAN IN THE MIDDLE PROTOCOL (WEEK 7)
Hence i am able to analyse Security problems in depth but further I am able to use my analytic skills to provide concrete and usable solutions to problems required for Security Engineering.
Back to the big claim: I have the necessary analytic skills and knowledge to tackle modern security problems yet I am able to work with speed and efficiency alone and in groups further I am also a ethical and responsible professional who is able to disclose Security matters in an accountable way and further someone who can bring a great deal of creativity and originality to the field.