Seamus Tuohy
Seamus Tuohy
Clear transitions between sessions: I.e. we talked about this before, now we are going to talk about this, so that we can talk about this later, with an eye toward...
More details on how to operationalize operational security would be helpful - an exercise that is included in the preparation (i.e. you are traveling with a pdf of the SAFETAG...
Lead 'plus/delta' processes at the end of each day asking what has gone well and what participants would like to see done differently - this will ensure that you can...
Before explaining a concept, tool, or an answer to a question, try to lay out the ideas and information in a closed loop way. We're going to cover this because...
We need content on how to pitch an audit, who it’s appropriate for, and how to describe it.
Information has different levels of sensitivity at different points in time. This is especially true for journalists and advocates who rely on the unimpeded release of their work and the...
The WAY that documents are released or stored can be a vulnerability or risk mitigation measure. If an adversary contends with the data, or when the data/publications are the reason...
Data mapping should explicitly talk about how data includes administrative data that is not a part of the technical infrastructure (paper, spreadsheets, knowledge in peoples heads). Being explicit in this...
Just because an auditor has been trained does not mean that they are a SAFETAG auditor. The content is growing steadily, the framework itself has gone through changes. Adding in...