Advice for New and Aspiring Consultants

A couple years ago a family member who was thinking about starting their own consulting company reached out to me, and I wrote up a long answer to them about what I had learned so far that I hoped was helpful.  Last week when I sat down with a friend and former colleague, who was in a similar place, I realized that I had never posted that advice publicly, and if it might be valuable to these people then it might also be valuable to a wider audience.

This was the question that started it off:

What is the one thing you wish someone would have told you when you were about to start your company?

And this is what I wrote in response:


Incident Management Resources from Akamai

I was revisiting my GitHub README article about incident communications the other day and noticed that many of the links I had put in my bio to Akamai’s public-facing incident management documentation had rotted away due to some intervening revision of the Akamai web site.

Since they provided valuable context and I had cause to want to refer to them in my client work, I went and tracked them down in the invaluable Internet Archive, and present now the links on their own as well as a fixed version of the bio with working links (and some paragraph breaks for readability).

And the updated (very casual) bio:

Hi there 🙂 I’m Kevin (@kevinr.free-dissociation.com).

While I learned to code while I learned to read and have loved computers my whole life, I realized pretty quickly after college that I wasn’t going to be happy spending the next forty years of my life sitting in a cubicle in a corner writing code and not talking to anybody.

After a bit of a sojourn I landed in security, which I love because it’s the intersection of the hardest technical problems we know (like cryptography) and the hardest social problems we know (like making cryptography usable by people).

I got my start in Infosec at Akamai, where I helped to redevelop our incident management process, train incident managers, and served as an incident manager myself on some gnarly and interesting incidents.

These days I have my own little shop, and I’m available for consulting on incident management as well as several other areas of security, privacy, and the broader emerging field of software safety. In my “spare time” I make videos on security and safety topics. 😉

What I Value

I value the truth, and, more importantly, I value the process of seeking the truth.  Scientific methods, despite every misstep, are the best methods we know for developing and understanding truths about the universe around us and ourselves—that is to say, they give us the best ability to predict what will happen in the universe and in our social systems.

I value the physical world.  The physical world around us is the ultimate source of truth in the universe, and, while our understanding can never fully capture that truth in all its manifold complexity—to do so would take a system larger than the universe—still we can, collectively, approach some kind of asymptote of understanding and ability to predict the world around us both physical and social.

I value the people around me and the human species as we are, alive, today, and tomorrow.  I value that as many of us and our children as possible are as healthy, happy, and safe as possible, and I have dedicated my life to doing what I can to make us all healthier, happier, and safer.  I believe that understanding the physical and social worlds is valuable precisely for the reason that that understanding offers our surest path to those outcomes.

(The future beyond that is our children’s and our children’s children’s responsibility, just as our health, happiness, and safety today are our responsibility and not our great-grandparents’.  Our duty is to set our children and grandchildren up for success as best we understand that, but not to trade their health, happiness, and safety for those of hypothetical far-future many-times-great grand-children.)

I value democratic methods of decisionmaking.  Like science, politics is also a method for understanding the social world, the impacts it has on the physical world, and the impacts of the physical world on it.  Politics is the arena in which we define what it means for us to be healthier, happier, and safer, and who gets to be that.  Democratic decisionmaking methods, despite every misstep, provide the best ways we know for developing what it means for us to be healthier, happier, and safer and understanding how that might be achieved, and for spreading those benefits to as many people as possible.

I value capitalist and socialist economic methods and structures to the extent that they serve the other values.  These methods are among the best economic methods we have found so far for distributing high-quality, safe, and wholesome physical goods to as many people as possible, and capitalist methods do the best job of any economic methods we have found so far of turning basic human self-centeredness to socially-beneficial ends.

 

Basic Conference Travel Cybersecurity Advice

I wrote up some fairly off-the-cuff travel cybersecurity advice back in 2022 for a client, and it’s generic and useful and still current enough that I thought I would post a lightly-edited version here.

Its audience is mostly-US persons and US-based organizations traveling abroad for conferences in a professional capacity, although I think it is fairly applicable outside that.  This advice is also specifically not for people who believe they are or may be actively targeted!

Obviously in fall 2025 the risk calculus, particularly for non-US persons traveling to the US, is changing very rapidly, and without doing substantially more reading and thinking I don’t feel I can give good advice to that specifically.  I do think the advice here still provides a good, safe baseline for everyone, and additional measures can be layered on top as you need and desire.


tl;dr:

  1. If you are ever concerned that your device may have been compromised, stop whatever you’re doing and reboot it immediately.
  2. Take your software updates, always, but especially before you travel.
  3. Don’t click through certificate warnings on public WiFi!

How come? Read on.


Tariffs & Coming Disruptions

This is a thing that I’ve been sending around.

Friends and family, I’ve been following developments in global financial markets, the manufacturing and construction sectors, and physical supply chains very closely following Trump’s announcement of massive tax increases (tariffs) last week.

I think it is likely that we are headed for a set of supply-and-demand shocks—different in their particulars, but—similar in magnitude to the ones we experienced in the early days of COVID in the spring of 2020. We’ve weathered shocks like this before, and we will weather them again, but they always fucking suck.

What I’m doing for myself, and what I would encourage you to do, is this: Lay in at least a 2-3 month supply of staples, whether sourced domestically or abroad, and, ideally, lay in a 6 month supply of anything you can’t live without.

For staples I mean things like food but also paper products (in the US, many of ours come from Canada), medications and supplements (many of ours come from Mexico), coffee, tea, chocolate, spices, vanilla, liquor, contraceptive products, cosmetics, personal care products, etc.

Also anything you need for summer (I need to buy an air conditioner).

I hope that I’m wrong, nothing comes of this, and I just wind up with extra paper towels in my closet for the next six months, but all my early warning signs are flashing danger right now.

P.S. Also, Congress and, in particular, Republicans in the Senate can end this any time they want, so, I encourage you to please call your Senators and ask them to remove tariff-setting power from the President and return it to Congress.