So today I had the pleasure of leading a meeting for a local group. We were trying to determine what programs we should use that fit our needs best. I'm relatively new to the group (and new to leading meetings), but I've participated enough to have a strong idea of how to make sure the meeting was effective.

Rather than immediately jumping into the subject matter, I find it best to step back and determine the core of the group. There were three questions to answer: What do we do, what are our values, and what are our goals. Having these things listed and out there will help us make sure we are choosing the products that best fit who we are and what we need. For example, if we value privacy to a high degree, it doesn't make sense to use Facebook Messenger over Signal. Having our identity laid out and discussed simplifies the decision making later.

For this particular meeting, I felt it was applicable to discuss Threat Models. To simplify, we asked ourselves five questions: 1. What do we want to protect? 2. Who are we protecting this from? 3. How bad are the consequences if we fail? 4. How likely is it that we will fail? 5. How much trouble are we willing to go through to prevent failure? After listing our current tasks and goals, it was a lot easier to conceptualize our threat model. In our circumstance, it became obvious that in our current state, high levels of encryption and anonymity aren't necessary. But good habits at smaller levels will be more effective: BCC emails and at-rest encryption for example.

Afterwards, we were able to discuss programs. We broke things down into categories and listed our options. Unfortunately due to time constraints, we had to stop the meeting here, but the final steps would be looking at each program and seeing how they fit our needs. Though nothing will be perfect, we can use a process of elimination to help narrow our choices and eventually make decisions.

In retrospect, I feel this approach may have been 'too much' given the overall needs of the group. However, I feel good knowing that the meeting was structured and focused instead of the loose and open. My goal was to make sure we did not over-complicate our routines in an attempt to utilize the 'best' the internet has to offer.

#100daystooffload #daythirtyfive #privacy #security