6 research outputs found

    Evaluating the implications of attack and security patterns with premortems.

    Security patterns are a useful way of describing, packaging and applying security knowledge which might otherwise be unavailable. However, because patterns represent partial knowledge of a problem and solution space, there is little certainty that addressing the consequences of one problem won't introduce or exacerbate another. Rather than using patterns exclusively to explore possible solutions to security problems, we can use them to better understand the security problem space. To this end, we present a framework for evaluating the implications of security and attack patterns using premortems: scenarios describing a failed system that invites reasons for its failure. We illustrate our approach using an example from the EU FP 7 webinos project

    Vulnerability anti-patterns: a timeless way to capture poor software practices (Vulnerabilities)

    There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software

    Designing usable and secure software with IRIS and CAIRIS.

    Everyone expects the products and services they use to be secure, but 'building security in' at the earliest stages of a system's design also means designing for use as well. Software that is unusable to end-users and unwieldy to developers and administrators may be insecure as errors and violations may expose exploitable vulnerabilities. This book shows how practitioners and researchers can build both security and usability into the design of systems. It introduces the IRIS framework and the open source CAIRIS platform that can guide the specification of secure and usable software. It also illustrates how IRIS and CAIRIS can complement techniques from User Experience, Security Engineering and Innovation & Entrepreneurship in ways that allow security to be addressed at different stages of the software lifecycle without disruption. Real-world examples are provided of the techniques and processes illustrated in this book, making this text a resource for practitioners, researchers, educators, and students

    Understanding Coaching As A Judgement and Decision Making Process: Implications For Coach Development Practice

    In completing this thesis I am interested in two broad questions; what is coaching and how do we develop it? Surprisingly after nearly forty years of coaching research there is no agreed answer to these questions in the literature. This is perhaps not that surprising since other more established roles such as teaching are still struggling with answering this sort of ontological question after many more years of research. Despite this struggle, I focus my attention on applying the theory of Professional Judgement and Decision Making (PJDM) to understanding what coaching is and what the implications are for coach development. In taking this approach and seeking answers to the broad questions I present five substantive chapters, two of which are critical desk top studies, the other three being empirical studies. These are wrapped in introduction (Chapter 1) and conclusion (Chapter 7) chapters. Chapter 2 presents what PJDM is and how it can work as a parsimonious theory to draw in current coaching literature to understand what coaching is and how it can work. Chapter 3 presents data from long jump coaches that suggests that coaches are capable of engaging and do engage in PJDM but only when pressured to do so. Prior to this, the coaches preferred to take more of a folk, experiential, gut feeling approach to solving a contextualised coaching problem. Building from Chapter 3, Chapter 4 identifies how individual differences in how coaches view knowledge and learning can explain their willingness to engage in PJDM and aligned formal coach development activities. More specifically, that coaches with a dualistic view on learning and knowledge will shy away from or even disrupt coach development that confuses their view on the world. Alternatively, coaches with a more relativistic view will actively seek out new knowledge to improve their understanding of coaching and athlete development. 
Drawing on the findings of the thesis to this point Chapter 5 identifies that to improve coaches’ willingness and capacity to engage in PJDM the biggest impact must come from formal coach education. As such Chapter 5 offers a summary of a broad range of empirical and theoretical research and how an aligned application of this research can lead to more impactful formal coach development. Chapter 6 builds from Chapter 5 by noting that more impactful formal coach development will require more professional coach developers. As such, in this chapter I define what a high performing coach developer should know and be capable of. This definition was subsequently used to develop a Postgraduate Certificate in Coach Education for The Football Association. To conclude therefore, I deliver answers to the two broad questions set at the beginning of the thesis. Firstly and briefly, coaching is a PJDM process that draws on formal, theoretical knowledge to solve coaching problems and make decisions leading to the achievement of goals. Secondly, that to develop coaches capable of PJDM, coach development must practice what it preaches and engage in creating development programmes that are supported by theoretical and empirical research relating to programme development, adult learning, curriculum building and individual differences

    Snakes and ladders: a critical examination of blocks in the talent pathway

    There has been increasing interest in the nature of challenge variables in talent development (TD). Along with the attendant recognition that individual TD trajectories are typically non-linear in nature, there is also widespread acceptance that challenge plays a critical role in the development of exceptional talent. Accordingly, this thesis aimed to understand what the risk factors in TD are (the snakes) and what factors support the athlete to progress (the ladders). To develop the knowledge base in this area, I first sought to investigate the coach perspective in understanding what factors influenced those with high potential who fell away and the barriers provided by organisations to effective TD practice. Then, from the athlete point of view, I investigated the nature of the challenges faced and what factors helped to navigate these challenges. Given my role as a coach and coach developer, I felt it critical that the intention for investigation was to generate ‘real world’ and applicable knowledge for the practitioner. Consequently, investigations were conducted under the pragmatic paradigm which seeks to prioritise questions and methods that are practically meaningful, rather than generalisable truth or subjective construction.
Results indicate the following: i) performers without a well-developed set of psychological skills are at risk of failing to realise their potential and dropping out of talent development pathways; ii) the prevailing socio-political features of organisations were identified as barriers to effective practice and increase the risk of athletes having an inappropriate dose of challenge; iii) athletes benefitted from emotionally laden feedback in navigating the challenges that they faced; iv) athletes were influenced by a large number of people offering feedback and their trajectories impacted by incoherence; v) a critical role of Talent Development Environments is shaping a Shared Mental Model of the intended athlete experience amongst various stakeholders. The findings suggest that challenges causing emotional disruption for the individual performer are not simply events to be coped with but rather should be capitalised upon. As such, the results add to the understanding of the skills-based development approach and additionally provide key guidance for the applied practitioner seeking to support performers to facilitate their development. Additionally, given the nature of the TD milieu, with the number of inputs that impact on the athlete, if TD coaches are to offer the athlete a truly ‘athlete centred’ experience, they need to consider the totality of the athlete’s experience, or their wider curriculum. Overall, the thesis provides a unique and in-depth study of the interaction between psychobehavioural factors, challenge variables and external support to the performer in the development of talent. Importantly, it offers critical implications for practitioners seeking to optimise the experience of performers moving through the talent pathway and maximise learning from both the highs and lows of the journey