Eleanor Saitta<p>A few <a href="https://infosec.exchange/tags/introductions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>introductions</span></a>:</p><p>I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round <a href="https://infosec.exchange/tags/startups" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>startups</span></a>, along with <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> training and <a href="https://infosec.exchange/tags/securityarchitecture" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityarchitecture</span></a> reviews.</p><p>I've been working in <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the <a href="https://infosec.exchange/tags/briar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>briar</span></a> messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.</p><p>I live in <a href="https://infosec.exchange/tags/Helsinki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Helsinki</span></a> the days, although in the before times (and hopefully soon again) I spent a fair bit of time in <a href="https://infosec.exchange/tags/NYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NYC</span></a> and <a href="https://infosec.exchange/tags/London" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>London</span></a>. I run a <a href="https://infosec.exchange/tags/queer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>queer</span></a> performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for <a href="https://infosec.exchange/tags/drag" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>drag</span></a>, <a href="https://infosec.exchange/tags/burlesque" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>burlesque</span></a>, <a href="https://infosec.exchange/tags/performanceart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>performanceart</span></a>, and music, along other things. Before I moved here, I spent six or so years traveling full time.</p><p>I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about <a href="https://infosec.exchange/tags/complexsystems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>complexsystems</span></a>, and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the <a href="https://infosec.exchange/tags/climate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>climate</span></a> apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere. </p><p>I'm also an <a href="https://infosec.exchange/tags/artist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>artist</span></a>; I paint and am slowly learning my way around a <a href="https://infosec.exchange/tags/synthesizer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>synthesizer</span></a>, and I've been accused of being an <a href="https://infosec.exchange/tags/architect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>architect</span></a>. I'm active in the <a href="https://infosec.exchange/tags/nordiclarp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nordiclarp</span></a> scene, where we take larp serious as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my <a href="https://infosec.exchange/tags/designfutures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>designfutures</span></a> thinking.</p>