CAIRIS in the movies

Looking at movies to see how central software is to security design

During a lecture I was delivering yesterday on Scanning & Enumeration in penetration testing, I gave my students a quick overview of nmap. During this overview, I pointed out some of the movies that nmap made an appearance in.

Later in the afternoon, I was reminded of a video I collaborated on with Antonios Vallindras from BU’s Media School a few months ago; this was about how to design security using the metaphor of mystery.

In this video, we can see CAIRIS being used during the creation of some personas for forensic investigators. CAIRIS doesn’t play a major role in the creation of these personas but, then again, we don’t expect it to. nmap didn’t play a particularly big role in the movies they were used in either.

Any sort of design activity is people intensive, and the role of software is to make the most of human capital. CAIRIS was created to explore how software tools should enhance rather than inhibit the role of people in design.

Given the creative streak that security designers and pen testers have, I think there is a lot that the former can take away from how the latter use software tools like nmap.